# Development values for unbound DNS resolver
# Using same configuration as production for consistency

# Use official image for development (same as production)
image:
  repository: "mvance/unbound"
  tag: "latest"
  pullPolicy: "IfNotPresent"

# Resource settings (slightly lower than production for dev)
resources:
  requests:
    cpu: "100m"
    memory: "128Mi"
  limits:
    cpu: "300m"
    memory: "384Mi"

# Single replica for development (can be scaled if needed)
replicaCount: 1

# Development annotations
podAnnotations:
  environment: "development"
  managed-by: "helm"

# Probe settings (same as production but slightly faster)
probes:
  readiness:
    initialDelaySeconds: 10
    periodSeconds: 30
    command: "drill @127.0.0.1 -p 53 example.org || echo 'DNS query test'"
  liveness:
    initialDelaySeconds: 30
    periodSeconds: 60
    command: "drill @127.0.0.1 -p 53 example.org || echo 'DNS query test'"

# Custom Unbound forward records for Kubernetes DNS
config:
  enabled: true
  # The mvance/unbound image includes forward-records.conf
  # We need to add Kubernetes-specific forwarding zones
  forwardRecords: |
    # Forward all queries to Cloudflare with DNSSEC (catch-all)
    forward-zone:
        name: "."
        forward-tls-upstream: yes
        forward-addr: 1.1.1.1@853#cloudflare-dns.com
        forward-addr: 1.0.0.1@853#cloudflare-dns.com

  # Additional server config to mark cluster.local as insecure (no DNSSEC)
  # and use stub zones for Kubernetes internal DNS (more reliable than forward)
  serverConfig: |
    domain-insecure: "cluster.local."
    private-domain: "cluster.local."
    local-zone: "10.in-addr.arpa." nodefault

    stub-zone:
        name: "cluster.local."
        stub-addr: 10.96.0.10

    stub-zone:
        name: "10.in-addr.arpa."
        stub-addr: 10.96.0.10