95 lines
2.0 KiB
YAML
95 lines
2.0 KiB
YAML
image:
|
|
repository: tccr.io/truecharts/technitium
|
|
pullPolicy: IfNotPresent
|
|
tag: v8.1@sha256:c3427623ff33ce4d58991ea9167765e6ac8701a6931766d23313500e22b39923
|
|
|
|
securityContext:
|
|
readOnlyRootFilesystem: false
|
|
runAsNonRoot: false
|
|
allowPrivilegeEscalation: true
|
|
|
|
podSecurityContext:
|
|
runAsUser: 0
|
|
runAsGroup: 0
|
|
|
|
secretEnv:
|
|
DNS_SERVER_ADMIN_PASSWORD: "password"
|
|
|
|
env:
|
|
DNS_SERVER_DOMAIN: "dns-server"
|
|
DNS_SERVER_PREFER_IPV6: false
|
|
DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP: false
|
|
DNS_SERVER_RECURSION: "AllowOnlyForPrivateNetworks"
|
|
DNS_SERVER_RECURSION_DENIED_NETWORKS: "1.1.1.0/24"
|
|
DNS_SERVER_RECURSION_ALLOWED_NETWORKS: "127.0.0.1, 192.168.1.0/24"
|
|
DNS_SERVER_ENABLE_BLOCKING: false
|
|
DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT: false
|
|
DNS_SERVER_FORWARDERS: "1.1.1.1, 8.8.8.8"
|
|
DNS_SERVER_FORWARDER_PROTOCOL: "Tcp"
|
|
|
|
service:
|
|
main:
|
|
ports:
|
|
main:
|
|
port: 5380
|
|
targetPort: 5380
|
|
dns-tcp:
|
|
enabled: true
|
|
ports:
|
|
dns-tcp:
|
|
enabled: true
|
|
port: 53
|
|
targetPort: 53
|
|
dns-udp:
|
|
enabled: true
|
|
ports:
|
|
dns-udp:
|
|
enabled: true
|
|
protocol: UDP
|
|
port: 53
|
|
targetPort: 53
|
|
dns-tls:
|
|
enabled: true
|
|
ports:
|
|
dns-tls:
|
|
enabled: true
|
|
protocol: TCP
|
|
port: 853
|
|
targetPort: 853
|
|
dns-cert:
|
|
enabled: true
|
|
ports:
|
|
dns-cert:
|
|
enabled: true
|
|
protocol: TCP
|
|
port: 10202
|
|
targetPort: 80
|
|
dns-https:
|
|
enabled: true
|
|
ports:
|
|
dns-https:
|
|
enabled: true
|
|
protocol: TCP
|
|
port: 10203
|
|
targetPort: 443
|
|
dns-https-proxy:
|
|
enabled: true
|
|
ports:
|
|
dns-https-proxy:
|
|
enabled: true
|
|
protocol: TCP
|
|
port: 10204
|
|
targetPort: 8053
|
|
|
|
|
|
# Not sure if those will work on k8s
|
|
# - "443:443/tcp" #DNS-over-HTTPS service
|
|
# - "80:80/tcp" #DNS-over-HTTPS service certbot certificate renewal
|
|
# Note sure if this will work with traefik
|
|
# - "8053:8053/tcp" #DNS-over-HTTPS using reverse proxy
|
|
|
|
persistence:
|
|
config:
|
|
enabled: true
|
|
mountPath: "/etc/dns/config"
|