# Default values for unbound DNS resolver
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# Global settings
global:
  # DNS service name for other services to reference
  dnsServiceName: "unbound-dns"
  namespace: "bakery-ia"

# Unbound image configuration
image:
  repository: "mvance/unbound"
  tag: "latest"
  pullPolicy: "IfNotPresent"

# Deployment configuration
replicaCount: 1

# Resource limits and requests
resources:
  requests:
    cpu: "100m"
    memory: "128Mi"
  limits:
    cpu: "300m"
    memory: "384Mi"

# Security context
securityContext:
  capabilities:
    add: ["NET_BIND_SERVICE"]

# Service configuration
service:
  type: "ClusterIP"
  # Static ClusterIP for predictable DNS configuration
  # This allows other services (like Mailu) to reference a stable IP
  # Must be within the cluster's service CIDR range (typically 10.96.0.0/12)
  clusterIP: "10.96.53.53"
  ports:
    dnsUdp: 53
    dnsTcp: 53

# Health probes configuration
probes:
  readiness:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 30
    command: "drill @127.0.0.1 -p 53 example.org || echo 'DNS query test'"
  liveness:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 60
    command: "drill @127.0.0.1 -p 53 example.org || echo 'DNS query test'"

# Additional environment variables
env: {}

# Additional volume mounts
volumeMounts: []

# Additional volumes
volumes: []

# Node selector
nodeSelector: {}

# Tolerations
tolerations: []

# Affinity
affinity: {}

# Pod annotations
podAnnotations: {}

# Service annotations
serviceAnnotations: {}

# Custom unbound configuration
config:
  enabled: false

# Additional containers (sidecars)
extraContainers: []

# Additional init containers
extraInitContainers: []

# Service account configuration
serviceAccount:
  create: false
  annotations: {}
  name: ""

# Pod security context
podSecurityContext: {}