119 lines
2.4 KiB
YAML
119 lines
2.4 KiB
YAML
image:
|
|
repository: tccr.io/truecharts/k8s_gateway
|
|
pullPolicy: IfNotPresent
|
|
tag: v0.2.4@sha256:cc621e57c73aab461b64e561d56181c9f67b59d006ab548fedfee660f08965f9
|
|
|
|
securityContext:
|
|
runAsNonRoot: false
|
|
|
|
podSecurityContext:
|
|
runAsUser: 0
|
|
runAsGroup: 0
|
|
|
|
args: ["-conf", "/etc/coredns/Corefile"]
|
|
|
|
# -- TTL for non-apex responses (in seconds)
|
|
ttl: 300
|
|
|
|
# -- Limit what kind of resources to watch, e.g. watchedResources: ["Ingress"]
|
|
watchedResources: []
|
|
|
|
# -- Service name of a secondary DNS server (should be `serviceName.namespace`)
|
|
secondary: ""
|
|
|
|
# -- Override the default `serviceName.namespace` domain apex
|
|
apex: ""
|
|
|
|
# -- list of processed domains
|
|
domains:
|
|
# -- Delegated domain
|
|
- domain: "example.com"
|
|
# -- Optional configuration option for DNS01 challenge that will redirect all acme
|
|
# challenge requests to external cloud domain (e.g. managed by cert-manager)
|
|
# See: https://cert-manager.io/docs/configuration/acme/dns01/
|
|
dnsChallenge:
|
|
enabled: false
|
|
domain: dns01.clouddns.com
|
|
|
|
forward:
|
|
enabled: true
|
|
primary: tls://1.1.1.1
|
|
secondary: tls://1.0.0.1
|
|
options:
|
|
- name: tls_servername
|
|
value: cloudflare-dns.com
|
|
|
|
serviceAccount:
|
|
# -- Specifies whether a service account should be created
|
|
create: true
|
|
|
|
# -- Create a ClusterRole and ClusterRoleBinding
|
|
# @default -- See below
|
|
rbac:
|
|
# -- Enables or disables the ClusterRole and ClusterRoleBinding
|
|
enabled: true
|
|
|
|
# -- Set Rules on the ClusterRole
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- services
|
|
- namespaces
|
|
verbs:
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- extensions
|
|
- networking.k8s.io
|
|
resources:
|
|
- ingresses
|
|
verbs:
|
|
- list
|
|
- watch
|
|
|
|
service:
|
|
main:
|
|
ports:
|
|
main:
|
|
protocol: UDP
|
|
port: 53
|
|
targetPort: 53
|
|
|
|
probes:
|
|
liveness:
|
|
custom: true
|
|
spec:
|
|
httpGet:
|
|
path: /health
|
|
port: 8080
|
|
scheme: HTTP
|
|
initialDelaySeconds: 60
|
|
timeoutSeconds: 5
|
|
successThreshold: 1
|
|
failureThreshold: 5
|
|
|
|
readiness:
|
|
custom: true
|
|
spec:
|
|
httpGet:
|
|
path: /ready
|
|
port: 8181
|
|
scheme: HTTP
|
|
initialDelaySeconds: 10
|
|
timeoutSeconds: 5
|
|
successThreshold: 1
|
|
failureThreshold: 5
|
|
|
|
startup:
|
|
custom: true
|
|
spec:
|
|
httpGet:
|
|
path: /ready
|
|
port: 8181
|
|
scheme: HTTP
|
|
initialDelaySeconds: 3
|
|
timeoutSeconds: 2
|
|
periodSeconds: 5
|
|
failureThreshold: 60
|