image: repository: tccr.io/truecharts/technitium pullPolicy: IfNotPresent tag: v8.1@sha256:bd2688162b50a76c0cd526ed6f70a1561f520041f726b9ea655e0d1796947e9e securityContext: readOnlyRootFilesystem: false runAsNonRoot: false allowPrivilegeEscalation: true podSecurityContext: runAsUser: 0 runAsGroup: 0 secretEnv: DNS_SERVER_ADMIN_PASSWORD: "password" env: DNS_SERVER_DOMAIN: "dns-server" DNS_SERVER_PREFER_IPV6: false DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP: false DNS_SERVER_RECURSION: "AllowOnlyForPrivateNetworks" DNS_SERVER_RECURSION_DENIED_NETWORKS: "1.1.1.0/24" DNS_SERVER_RECURSION_ALLOWED_NETWORKS: "127.0.0.1, 192.168.1.0/24" DNS_SERVER_ENABLE_BLOCKING: false DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT: false DNS_SERVER_FORWARDERS: "1.1.1.1, 8.8.8.8" DNS_SERVER_FORWARDER_PROTOCOL: "Tcp" service: main: ports: main: port: 5380 targetPort: 5380 dns-tcp: enabled: true ports: dns-tcp: enabled: true port: 53 targetPort: 53 dns-udp: enabled: true ports: dns-udp: enabled: true protocol: UDP port: 53 targetPort: 53 dns-tls: enabled: true ports: dns-tls: enabled: true protocol: TCP port: 853 targetPort: 853 dns-cert: enabled: true ports: dns-cert: enabled: true protocol: TCP port: 10202 targetPort: 80 dns-https: enabled: true ports: dns-https: enabled: true protocol: TCP port: 10203 targetPort: 443 dns-https-proxy: enabled: true ports: dns-https-proxy: enabled: true protocol: TCP port: 10204 targetPort: 8053 # Not sure if those will work on k8s # - "443:443/tcp" #DNS-over-HTTPS service # - "80:80/tcp" #DNS-over-HTTPS service certbot certificate renewal # Note sure if this will work with traefik # - "8053:8053/tcp" #DNS-over-HTTPS using reverse proxy persistence: config: enabled: true mountPath: "/etc/dns/config" portal: enabled: true