TrueChartsCatalogClone/incubator/technitium/4.0.4/ix_values.yaml

102 lines
2.5 KiB
YAML

image:
repository: tccr.io/truecharts/technitium
pullPolicy: IfNotPresent
tag: v11.3.0@sha256:e7a2cc08975130129dd6c31058af58b32c22336d752242d623acbbf045698046
securityContext:
container:
runAsNonRoot: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: true
runAsUser: 0
runAsGroup: 0
# Not sure if those will work on k8s
# - "443:443/tcp" #DNS-over-HTTPS service
# - "80:80/tcp" #DNS-over-HTTPS service certbot certificate renewal
# Note sure if this will work with traefik
# - "8053:8053/tcp" #DNS-over-HTTPS using reverse proxy
service:
main:
ports:
main:
port: 5380
dns:
enabled: true
ports:
dns-tcp:
enabled: true
port: 53
targetPort: 53
dns-udp:
enabled: true
protocol: udp
port: 53
targetPort: 53
dns-tls:
enabled: true
ports:
dns-tls:
enabled: true
protocol: tcp
port: 853
targetPort: 853
dns-cert:
enabled: true
ports:
dns-cert:
enabled: true
protocol: tcp
port: 10202
targetPort: 80
dns-https:
enabled: true
ports:
dns-https:
enabled: true
protocol: tcp
port: 10203
targetPort: 443
dns-https-proxy:
enabled: true
ports:
dns-https-proxy:
enabled: true
protocol: tcp
port: 10204
targetPort: 8053
workload:
main:
podSpec:
containers:
main:
env:
DNS_SERVER_WEB_SERVICE_HTTP_PORT: "{{ .Values.service.main.ports.main.port }}"
DNS_SERVER_ADMIN_PASSWORD: "password"
DNS_SERVER_DOMAIN: "dns-server"
DNS_SERVER_PREFER_IPV6: false
DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP: false
DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS: false
DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT: false
# Allow, Deny, AllowOnlyForPrivateNetworks, UseSpecifiedNetworks
DNS_SERVER_RECURSION: "AllowOnlyForPrivateNetworks"
DNS_SERVER_RECURSION_DENIED_NETWORKS: "1.1.1.0/24"
DNS_SERVER_RECURSION_ALLOWED_NETWORKS: "127.0.0.1, 192.168.1.0/24"
DNS_SERVER_ENABLE_BLOCKING: false
DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT: false
DNS_SERVER_BLOCK_LIST_URLS: ""
DNS_SERVER_FORWARDERS: "1.1.1.1,8.8.8.8"
# Udp, Tcp, Tls, Https, HttpsJson
DNS_SERVER_FORWARDER_PROTOCOL: "Tcp"
persistence:
config:
enabled: true
mountPath: "/etc/dns/config"
portal:
open:
enabled: true