TrueChartsClone/charts/incubator/technitium/values.yaml

image:
  repository: tccr.io/truecharts/technitium
  pullPolicy: IfNotPresent
  tag: v11.3.0@sha256:e7a2cc08975130129dd6c31058af58b32c22336d752242d623acbbf045698046

securityContext:
  container:
    runAsNonRoot: false
    readOnlyRootFilesystem: false
    allowPrivilegeEscalation: true
    runAsUser: 0
    runAsGroup: 0

# Not sure if those will work on k8s
# - "443:443/tcp" #DNS-over-HTTPS service
# - "80:80/tcp" #DNS-over-HTTPS service certbot certificate renewal
# Note sure if this will work with traefik
# - "8053:8053/tcp" #DNS-over-HTTPS using reverse proxy

service:
  main:
    ports:
      main:
        port: 5380
  dns:
    enabled: true
    ports:
      dns-tcp:
        enabled: true
        port: 53
        targetPort: 53
      dns-udp:
        enabled: true
        protocol: udp
        port: 53
        targetPort: 53
  dns-tls:
    enabled: true
    ports:
      dns-tls:
        enabled: true
        protocol: tcp
        port: 853
        targetPort: 853
  dns-cert:
    enabled: true
    ports:
      dns-cert:
        enabled: true
        protocol: tcp
        port: 10202
        targetPort: 80
  dns-https:
    enabled: true
    ports:
      dns-https:
        enabled: true
        protocol: tcp
        port: 10203
        targetPort: 443
  dns-https-proxy:
    enabled: true
    ports:
      dns-https-proxy:
        enabled: true
        protocol: tcp
        port: 10204
        targetPort: 8053

workload:
  main:
    podSpec:
      containers:
        main:
          env:
            DNS_SERVER_WEB_SERVICE_HTTP_PORT: "{{ .Values.service.main.ports.main.port }}"
            DNS_SERVER_ADMIN_PASSWORD: "password"
            DNS_SERVER_DOMAIN: "dns-server"
            DNS_SERVER_PREFER_IPV6: false
            DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP: false
            DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS: false
            DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT: false
            # Allow, Deny, AllowOnlyForPrivateNetworks, UseSpecifiedNetworks
            DNS_SERVER_RECURSION: "AllowOnlyForPrivateNetworks"
            DNS_SERVER_RECURSION_DENIED_NETWORKS: "1.1.1.0/24"
            DNS_SERVER_RECURSION_ALLOWED_NETWORKS: "127.0.0.1, 192.168.1.0/24"
            DNS_SERVER_ENABLE_BLOCKING: false
            DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT: false
            DNS_SERVER_BLOCK_LIST_URLS: ""
            DNS_SERVER_FORWARDERS: "1.1.1.1,8.8.8.8"
            # Udp, Tcp, Tls, Https, HttpsJson
            DNS_SERVER_FORWARDER_PROTOCOL: "Tcp"

persistence:
  config:
    enabled: true
    mountPath: "/etc/dns/config"

portal:
  open:
    enabled: true