# Default values for unbound DNS resolver
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# Global settings
global:
  # DNS service name for other services to reference
  dnsServiceName: "unbound-dns"
  namespace: "bakery-ia"

# Unbound image configuration
image:
  repository: "mvance/unbound"
  tag: "latest"
  pullPolicy: "IfNotPresent"

# Deployment configuration
replicaCount: 1

# Resource limits and requests
resources:
  requests:
    cpu: "100m"
    memory: "128Mi"
  limits:
    cpu: "300m"
    memory: "384Mi"

# Security context
securityContext:
  capabilities:
    add: ["NET_BIND_SERVICE"]

# Service configuration
service:
  type: "ClusterIP"
  # Dynamic ClusterIP - Kubernetes will assign automatically
  # clusterIP: ""  # Leave empty for automatic assignment
  ports:
    dnsUdp: 53
    dnsTcp: 53

# Health probes configuration
probes:
  readiness:
    enabled: true
    initialDelaySeconds: 15
    periodSeconds: 30
    # Simple TCP connectivity check - more reliable than DNS queries
    # Tests if the DNS port is listening and responding
    command: "sh -c 'echo \"\" | nc -w 2 127.0.0.1 53 || exit 1'"
    # Alternative: use curl if available
    # command: "curl -s --max-time 2 http://127.0.0.1:53 || exit 1"
  liveness:
    enabled: true
    initialDelaySeconds: 45
    periodSeconds: 60
    # Simple TCP connectivity check - more reliable than DNS queries
    # Tests if the DNS port is listening and responding
    command: "sh -c 'echo \"\" | nc -w 2 127.0.0.1 53 || exit 1'"
    # Alternative: use curl if available
    # command: "curl -s --max-time 2 http://127.0.0.1:53 || exit 1"

# Additional environment variables
env: {}

# Additional volume mounts
volumeMounts: []

# Additional volumes
volumes: []

# Node selector
nodeSelector: {}

# Tolerations
tolerations: []

# Affinity
affinity: {}

# Pod annotations
podAnnotations: {}

# Service annotations
serviceAnnotations: {}

# Custom unbound configuration
config:
  enabled: false

# Additional containers (sidecars)
extraContainers: []

# Additional init containers
extraInitContainers: []

# Service account configuration
serviceAccount:
  create: false
  annotations: {}
  name: ""

# Pod security context
podSecurityContext: {}