I have a 3 node raspberry pi cluster using k3s. I'm using this helm chart to install pi-hole on my cluster. Everything works great except I am unable to add domains to the black list and white list from the admin ui. I'm getting the error:
I've searched and searched on google and have found no solution that works for me. A useful piece of info I've found is that www-data is unable to insert into the the gravity.db:
sudo -u www-data sqlite3 /etc/pihole/gravity.db "INSERT INTO domainlist (domain) VALUES ('test.domain2');"
Error: attempt to write a readonly database
Even though the www-data user is a part of the pihole group:
groups www-data
www-data : www-data pihole
Here are the permissions of the /etc/pihole folder:
ls -al /etc/pihole
total 6884
drwxrwxr-x 3 pihole pihole 4096 May 27 16:41 .
drwxrwxr-x 1 root root 4096 May 27 16:33 ..
-rw-r--r-- 1 root root 14 May 27 16:34 GitHubVersions
-rw-r--r-- 1 root root 596 May 27 16:33 dns-servers.conf
-rw-rw-r-- 1 pihole pihole 5181440 May 27 16:34 gravity.db
-rw-r--r-- 1 root root 1132407 May 27 16:33 list.0.raw.githubusercontent.com.domains
-rw-r--r-- 1 root root 594591 May 27 16:33 list.1.mirror1.malwaredomains.com.domains
-rw-r--r-- 1 root root 521 May 27 16:33 list.2.s3.amazonaws.com.domains
-rw-r--r-- 1 root root 43529 May 27 16:33 list.3.s3.amazonaws.com.domains
-rw-r--r-- 1 root root 47 May 27 16:33 local.list
-rw-r--r-- 1 root root 20 May 27 16:40 localbranches
-rw-r--r-- 1 root root 37 May 27 16:40 localversions
drwxr-xr-x 2 root root 4096 May 27 16:33 migration_backup
-rw-r--r-- 1 pihole pihole 0 May 27 16:33 pihole-FTL.conf
-rw-r--r-- 1 root root 45056 May 27 16:41 pihole-FTL.db
-rw-r--r-- 1 root root 443 May 27 16:34 setupVars.conf
-rw-r--r-- 1 root root 0 May 27 16:33 setupVars.conf.update.bak
Here is my debug token: https://tricorder.pi-hole.net/bfbghm9uv0
I also realized that if I take away the persistent volume for /etc/pihole the ui works as expected, but this isn't really ideal since I want to keep that data persistent incase a pod fails.
I've tried messing around with pod security contexts, but with no solution. Please help!