image: repository: tccr.io/truecharts/technitium pullPolicy: IfNotPresent tag: v11.3.0@sha256:e7a2cc08975130129dd6c31058af58b32c22336d752242d623acbbf045698046 securityContext: container: runAsNonRoot: false readOnlyRootFilesystem: false allowPrivilegeEscalation: true runAsUser: 0 runAsGroup: 0 # Not sure if those will work on k8s # - "443:443/tcp" #DNS-over-HTTPS service # - "80:80/tcp" #DNS-over-HTTPS service certbot certificate renewal # Note sure if this will work with traefik # - "8053:8053/tcp" #DNS-over-HTTPS using reverse proxy service: main: ports: main: port: 5380 dns: enabled: true ports: dns-tcp: enabled: true port: 53 targetPort: 53 dns-udp: enabled: true protocol: udp port: 53 targetPort: 53 dns-tls: enabled: true ports: dns-tls: enabled: true protocol: tcp port: 853 targetPort: 853 dns-cert: enabled: true ports: dns-cert: enabled: true protocol: tcp port: 10202 targetPort: 80 dns-https: enabled: true ports: dns-https: enabled: true protocol: tcp port: 10203 targetPort: 443 dns-https-proxy: enabled: true ports: dns-https-proxy: enabled: true protocol: tcp port: 10204 targetPort: 8053 workload: main: podSpec: containers: main: env: DNS_SERVER_WEB_SERVICE_HTTP_PORT: "{{ .Values.service.main.ports.main.port }}" DNS_SERVER_ADMIN_PASSWORD: "password" DNS_SERVER_DOMAIN: "dns-server" DNS_SERVER_PREFER_IPV6: false DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP: false DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS: false DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT: false # Allow, Deny, AllowOnlyForPrivateNetworks, UseSpecifiedNetworks DNS_SERVER_RECURSION: "AllowOnlyForPrivateNetworks" DNS_SERVER_RECURSION_DENIED_NETWORKS: "1.1.1.0/24" DNS_SERVER_RECURSION_ALLOWED_NETWORKS: "127.0.0.1, 192.168.1.0/24" DNS_SERVER_ENABLE_BLOCKING: false DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT: false DNS_SERVER_BLOCK_LIST_URLS: "" DNS_SERVER_FORWARDERS: "1.1.1.1,8.8.8.8" # Udp, Tcp, Tls, Https, HttpsJson DNS_SERVER_FORWARDER_PROTOCOL: "Tcp" persistence: config: enabled: true mountPath: "/etc/dns/config" portal: open: enabled: true