bakery-ia/infrastructure/platform/networking/dns/unbound-helm/values.yaml

# Default values for unbound DNS resolver
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# Global settings
global:
  # DNS service name for other services to reference
  dnsServiceName: "unbound-dns"
  namespace: "bakery-ia"

# Unbound image configuration
image:
  repository: "mvance/unbound"
  tag: "latest"
  pullPolicy: "IfNotPresent"

# Deployment configuration
replicaCount: 1

# Resource limits and requests
resources:
  requests:
    cpu: "100m"
    memory: "128Mi"
  limits:
    cpu: "300m"
    memory: "384Mi"

# Security context
securityContext:
  capabilities:
    add: ["NET_BIND_SERVICE"]

# Service configuration
service:
  type: "ClusterIP"
  # Static ClusterIP for predictable DNS configuration
  # This allows other services (like Mailu) to reference a stable IP
  # Must be within the cluster's service CIDR range (typically 10.96.0.0/12)
  clusterIP: "10.96.53.53"
  ports:
    dnsUdp: 53
    dnsTcp: 53

# Health probes configuration
probes:
  readiness:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 30
    command: "drill @127.0.0.1 -p 53 example.org || echo 'DNS query test'"
  liveness:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 60
    command: "drill @127.0.0.1 -p 53 example.org || echo 'DNS query test'"

# Additional environment variables
env: {}

# Additional volume mounts
volumeMounts: []

# Additional volumes
volumes: []

# Node selector
nodeSelector: {}

# Tolerations
tolerations: []

# Affinity
affinity: {}

# Pod annotations
podAnnotations: {}

# Service annotations
serviceAnnotations: {}

# Custom unbound configuration
config:
  enabled: false

# Additional containers (sidecars)
extraContainers: []

# Additional init containers
extraInitContainers: []

# Service account configuration
serviceAccount:
  create: false
  annotations: {}
  name: ""

# Pod security context
podSecurityContext: {}
Add new infra architecture 6 2026-01-19 16:31:11 +01:00			`# Default values for unbound DNS resolver`
			`# This is a YAML-formatted file.`
			`# Declare variables to be passed into your templates.`

			`# Global settings`
			`global:`
			`# DNS service name for other services to reference`
			`dnsServiceName: "unbound-dns"`
			`namespace: "bakery-ia"`

			`# Unbound image configuration`
			`image:`
			`repository: "mvance/unbound"`
			`tag: "latest"`
			`pullPolicy: "IfNotPresent"`

			`# Deployment configuration`
			`replicaCount: 1`

			`# Resource limits and requests`
			`resources:`
			`requests:`
			`cpu: "100m"`
			`memory: "128Mi"`
			`limits:`
			`cpu: "300m"`
			`memory: "384Mi"`

			`# Security context`
			`securityContext:`
			`capabilities:`
			`add: ["NET_BIND_SERVICE"]`

			`# Service configuration`
			`service:`
			`type: "ClusterIP"`
Add new infra architecture 9 2026-01-20 07:20:56 +01:00			`# Static ClusterIP for predictable DNS configuration`
			`# This allows other services (like Mailu) to reference a stable IP`
			`# Must be within the cluster's service CIDR range (typically 10.96.0.0/12)`
			`clusterIP: "10.96.53.53"`
Add new infra architecture 6 2026-01-19 16:31:11 +01:00			`ports:`
			`dnsUdp: 53`
			`dnsTcp: 53`

			`# Health probes configuration`
			`probes:`
			`readiness:`
			`enabled: true`
			`initialDelaySeconds: 10`
			`periodSeconds: 30`
			`command: "drill @127.0.0.1 -p 53 example.org \|\| echo 'DNS query test'"`
			`liveness:`
			`enabled: true`
			`initialDelaySeconds: 30`
			`periodSeconds: 60`
			`command: "drill @127.0.0.1 -p 53 example.org \|\| echo 'DNS query test'"`

			`# Additional environment variables`
			`env: {}`

			`# Additional volume mounts`
			`volumeMounts: []`

			`# Additional volumes`
			`volumes: []`

			`# Node selector`
			`nodeSelector: {}`

			`# Tolerations`
			`tolerations: []`

			`# Affinity`
			`affinity: {}`

			`# Pod annotations`
			`podAnnotations: {}`

			`# Service annotations`
			`serviceAnnotations: {}`

			`# Custom unbound configuration`
			`config:`
			`enabled: false`

			`# Additional containers (sidecars)`
			`extraContainers: []`

			`# Additional init containers`
			`extraInitContainers: []`

			`# Service account configuration`
			`serviceAccount:`
			`create: false`
			`annotations: {}`
			`name: ""`

			`# Pod security context`
			`podSecurityContext: {}`