134 lines
2.9 KiB
YAML
134 lines
2.9 KiB
YAML
|
image:
|
||
|
|
repository: tccr.io/truecharts/k8s_gateway
|
||
|
|
pullPolicy: IfNotPresent
|
||
|
|
tag: 0.3.2@sha256:594fd6990eb2e0af1df7df8ba76cb3ca66232f46c5df5ebf786a45dd19777ae5
|
||
|
|
|
||
|
|
controller:
|
||
|
|
# -- Set additional annotations on the deployment/statefulset/daemonset
|
||
|
|
# -- Number of desired pods
|
||
|
|
replicas: 2
|
||
|
|
# -- Set the controller upgrade strategy
|
||
|
|
# For Deployments, valid values are Recreate (default) and RollingUpdate.
|
||
|
|
# For StatefulSets, valid values are OnDelete and RollingUpdate (default).
|
||
|
|
# DaemonSets ignore this.
|
||
|
|
strategy: RollingUpdate
|
||
|
|
|
||
|
|
securityContext:
|
||
|
|
runAsNonRoot: false
|
||
|
|
|
||
|
|
podSecurityContext:
|
||
|
|
runAsUser: 0
|
||
|
|
runAsGroup: 0
|
||
|
|
|
||
|
|
args: ["-conf", "/etc/coredns/Corefile"]
|
||
|
|
|
||
|
|
# -- TTL for non-apex responses (in seconds)
|
||
|
|
ttl: 300
|
||
|
|
|
||
|
|
# -- Limit what kind of resources to watch, e.g. watchedResources: ["Ingress"]
|
||
|
|
watchedResources: []
|
||
|
|
|
||
|
|
# -- Service name of a secondary DNS server (should be `serviceName.namespace`)
|
||
|
|
secondary: ""
|
||
|
|
|
||
|
|
# -- Override the default `serviceName.namespace` domain apex
|
||
|
|
apex: ""
|
||
|
|
|
||
|
|
# -- list of processed domains
|
||
|
|
domains:
|
||
|
|
# -- Delegated domain
|
||
|
|
- domain: "example.com"
|
||
|
|
# -- Optional configuration option for DNS01 challenge that will redirect all acme
|
||
|
|
# challenge requests to external cloud domain (e.g. managed by cert-manager)
|
||
|
|
# See: https://cert-manager.io/docs/configuration/acme/dns01/
|
||
|
|
dnsChallenge:
|
||
|
|
enabled: false
|
||
|
|
domain: dns01.clouddns.com
|
||
|
|
|
||
|
|
forward:
|
||
|
|
enabled: true
|
||
|
|
primary: tls://1.1.1.1
|
||
|
|
secondary: tls://1.0.0.1
|
||
|
|
options:
|
||
|
|
- name: tls_servername
|
||
|
|
value: cloudflare-dns.com
|
||
|
|
|
||
|
|
serviceAccount:
|
||
|
|
main:
|
||
|
|
# -- Specifies whether a service account should be created
|
||
|
|
enabled: true
|
||
|
|
|
||
|
|
# -- Create a ClusterRole and ClusterRoleBinding
|
||
|
|
# @default -- See below
|
||
|
|
rbac:
|
||
|
|
main:
|
||
|
|
# -- Enables or disables the ClusterRole and ClusterRoleBinding
|
||
|
|
enabled: true
|
||
|
|
|
||
|
|
# -- Set Rules on the ClusterRole
|
||
|
|
rules:
|
||
|
|
- apiGroups:
|
||
|
|
- ""
|
||
|
|
resources:
|
||
|
|
- services
|
||
|
|
- namespaces
|
||
|
|
verbs:
|
||
|
|
- list
|
||
|
|
- watch
|
||
|
|
- apiGroups:
|
||
|
|
- extensions
|
||
|
|
- networking.k8s.io
|
||
|
|
resources:
|
||
|
|
- ingresses
|
||
|
|
verbs:
|
||
|
|
- list
|
||
|
|
- watch
|
||
|
|
|
||
|
|
service:
|
||
|
|
main:
|
||
|
|
ports:
|
||
|
|
main:
|
||
|
|
protocol: UDP
|
||
|
|
port: 53
|
||
|
|
targetPort: 53
|
||
|
|
|
||
|
|
probes:
|
||
|
|
liveness:
|
||
|
|
custom: true
|
||
|
|
spec:
|
||
|
|
httpGet:
|
||
|
|
path: /health
|
||
|
|
port: 8080
|
||
|
|
scheme: HTTP
|
||
|
|
initialDelaySeconds: 60
|
||
|
|
timeoutSeconds: 5
|
||
|
|
successThreshold: 1
|
||
|
|
failureThreshold: 5
|
||
|
|
|
||
|
|
readiness:
|
||
|
|
custom: true
|
||
|
|
spec:
|
||
|
|
httpGet:
|
||
|
|
path: /ready
|
||
|
|
port: 8181
|
||
|
|
scheme: HTTP
|
||
|
|
initialDelaySeconds: 10
|
||
|
|
timeoutSeconds: 5
|
||
|
|
successThreshold: 1
|
||
|
|
failureThreshold: 5
|
||
|
|
|
||
|
|
startup:
|
||
|
|
custom: true
|
||
|
|
spec:
|
||
|
|
httpGet:
|
||
|
|
path: /ready
|
||
|
|
port: 8181
|
||
|
|
scheme: HTTP
|
||
|
|
initialDelaySeconds: 3
|
||
|
|
timeoutSeconds: 2
|
||
|
|
periodSeconds: 5
|
||
|
|
failureThreshold: 60
|
||
|
|
|
||
|
|
portal:
|
||
|
|
enabled: false
|