Pi-hole in Azure Container Instances

April 11, 2020
azure, azure-container-instance, pi-hole

A simple guide to deploy Pi-hole, a black hole for Internet advertisements, in Azure Container Instances.

1. Install Azure CLI and set your subscription

> az login

> az account set --subscription <subscription_id>

2. Create a Resource Group

> az group create --name <rg_name> --location <location>

3. Create a Storage account

> az storage account create --resource-group <rg_name> --name <storage_name> --location <location> --sku Standard_LRS

4. Create two file shares in the storage account created in the last step

az storage share create --account-name <storage_name> --name etc-pihole

az storage share create --account-name <storage_name> --name etc-dnsmasq

5. Obtain the storage account key

STORAGE_KEY=$(az storage account keys list --resource-group <rg_name> --account-name <storage_name> --query "[0].value" --output tsv)

5. Since our container will require a good number of configuration, let’s use a yaml file

deploy-pi-hole.yaml

name: <container_group_name>
apiVersion: '2018-10-01'
location: <location>
tags: {}
properties:
  containers:
  - name: <container_name>
    properties:
      image: pihole/pihole:latest
      ports:
      - protocol: UDP
        port: 53
      - protocol: UDP
        port: 67
      - protocol: TCP
        port: 80
      - protocol: TCP
        port: 443
      environmentVariables:
      - name: TZ
        value: Asia/Kolkata
      - name: WEBPASSWORD
        value: <custom_large_string>
      resources:
        requests:
          memoryInGB: 1
          cpu: 1
      volumeMounts:
      - name: pihole
        mountPath: /etc/pihole/
        readOnly: false
      - name: dnsmasq
        mountPath: /etc/dnsmasq.d/
        readOnly: false
  restartPolicy: Always
  ipAddress:
    ports:
    - protocol: UDP
      port: 53
    - protocol: UDP
      port: 67
    - protocol: TCP
      port: 80
    - protocol: TCP
      port: 443
    type: public
    dnsNameLabel: <custom_dnsname>
  osType: Linux
  volumes:
  - name: pihole
    azureFile:
      shareName: etc-pihole
      readOnly: false
      storageAccountName: <storage_name>
      storageAccountKey: <value of $STORAGE_KEY>
  - name: dnsmasq
    azureFile:
      shareName: etc-dnsmasq
      readOnly: false
      storageAccountName: <storage_name>
      storageAccountKey: <value of $STORAGE_KEY>

Replace the place holders in the yaml file.

6. Create the container instance

az container create --resource-group <rg_name> --file deploy-pi-hole.yaml

7. Get the IP address of the pi-hole running as container instance.

az container show --resource-group <rg_name> --name <container_group_name> --query ipAddress.ip --output tsv

Update: It has been 10 days since I started using pi-hole and it has blocked ~31% of my DNS queries so far.

Pi-hole stats