Fix resources isues 4

2026-01-22 10:36:00 +01:00
parent ac2e8cebf9
commit 6505044f24
1 changed files with 64 additions and 1 deletions
--- a/infrastructure/platform/networking/dns/unbound-helm/prod/values.yaml
+++ b/infrastructure/platform/networking/dns/unbound-helm/prod/values.yaml
@@ -64,4 +64,67 @@ probes:
  liveness:
    initialDelaySeconds: 30
    periodSeconds: 60
-    command: "drill @127.0.0.1 localhost || exit 1"
+    command: "drill @127.0.0.1 localhost || exit 1"
 # Custom unbound configuration to forward internal Kubernetes zones to CoreDNS
 config:
  enabled: true
  content: |
    server:
      interface: 0.0.0.0
      port: 53
      do-ip4: yes
      do-ip6: no
      do-udp: yes
      do-tcp: yes
      # Access control - allow all private networks
      access-control: 10.0.0.0/8 allow
      access-control: 172.16.0.0/12 allow
      access-control: 192.168.0.0/16 allow
      access-control: 127.0.0.0/8 allow
      # DNSSEC validation (required for Mailu)
      auto-trust-anchor-file: "/opt/unbound/etc/unbound/root.key"
      # Performance tuning
      num-threads: 2
      msg-cache-size: 32m
      rrset-cache-size: 64m
      cache-min-ttl: 60
      cache-max-ttl: 86400
      # Logging
      verbosity: 1
      log-queries: no
      log-replies: no
      # Private addresses - don't send to upstream
      private-address: 10.0.0.0/8
      private-address: 172.16.0.0/12
      private-address: 192.168.0.0/16
    # Forward Kubernetes internal zones to CoreDNS (10.152.183.10 for MicroK8s)
    forward-zone:
      name: "cluster.local."
      forward-addr: 10.152.183.10
    forward-zone:
      name: "svc.cluster.local."
      forward-addr: 10.152.183.10
    forward-zone:
      name: "bakery-ia.svc.cluster.local."
      forward-addr: 10.152.183.10
    # Forward in-addr.arpa for reverse DNS lookups within cluster
    forward-zone:
      name: "in-addr.arpa."
      forward-addr: 10.152.183.10
    # Forward all other queries to upstream DNS with DNSSEC
    forward-zone:
      name: "."
      forward-tls-upstream: yes
      forward-addr: 1.1.1.1@853#cloudflare-dns.com
      forward-addr: 8.8.8.8@853#dns.google