105 lines
2.2 KiB
YAML
105 lines
2.2 KiB
YAML
# Default values for unbound DNS resolver
|
|
# This is a YAML-formatted file.
|
|
# Declare variables to be passed into your templates.
|
|
#
|
|
# PURPOSE: Provides DNSSEC validation for Mailu email server
|
|
# CoreDNS does NOT support DNSSEC, so Unbound fills this gap.
|
|
# Mailu's rspamd requires DNSSEC for DKIM/SPF/DMARC validation.
|
|
|
|
# Global settings
|
|
global:
|
|
# DNS service name for other services to reference
|
|
dnsServiceName: "unbound-dns"
|
|
namespace: "bakery-ia"
|
|
|
|
# Unbound image configuration
|
|
image:
|
|
repository: "mvance/unbound"
|
|
tag: "latest"
|
|
pullPolicy: "IfNotPresent"
|
|
|
|
# Deployment configuration
|
|
replicaCount: 1
|
|
|
|
# Resource limits and requests
|
|
# Unbound is very lightweight - these minimal resources are sufficient
|
|
resources:
|
|
requests:
|
|
cpu: "25m"
|
|
memory: "32Mi"
|
|
limits:
|
|
cpu: "100m"
|
|
memory: "128Mi"
|
|
|
|
# Security context
|
|
securityContext:
|
|
capabilities:
|
|
add: ["NET_BIND_SERVICE"]
|
|
|
|
# Service configuration
|
|
service:
|
|
type: "ClusterIP"
|
|
# Dynamic ClusterIP - Kubernetes will assign automatically
|
|
# clusterIP: "" # Leave empty for automatic assignment
|
|
ports:
|
|
dnsUdp: 53
|
|
dnsTcp: 53
|
|
|
|
# Health probes configuration
|
|
# NOTE: mvance/unbound image does NOT have 'nc' (netcat), use 'drill' instead
|
|
probes:
|
|
readiness:
|
|
enabled: true
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 30
|
|
# Use drill (DNS lookup tool included in unbound image)
|
|
command: "drill @127.0.0.1 localhost || exit 1"
|
|
liveness:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 60
|
|
# Use drill (DNS lookup tool included in unbound image)
|
|
command: "drill @127.0.0.1 localhost || exit 1"
|
|
|
|
# Additional environment variables
|
|
env: {}
|
|
|
|
# Additional volume mounts
|
|
volumeMounts: []
|
|
|
|
# Additional volumes
|
|
volumes: []
|
|
|
|
# Node selector
|
|
nodeSelector: {}
|
|
|
|
# Tolerations
|
|
tolerations: []
|
|
|
|
# Affinity
|
|
affinity: {}
|
|
|
|
# Pod annotations
|
|
podAnnotations: {}
|
|
|
|
# Service annotations
|
|
serviceAnnotations: {}
|
|
|
|
# Custom unbound configuration
|
|
config:
|
|
enabled: false
|
|
|
|
# Additional containers (sidecars)
|
|
extraContainers: []
|
|
|
|
# Additional init containers
|
|
extraInitContainers: []
|
|
|
|
# Service account configuration
|
|
serviceAccount:
|
|
create: false
|
|
annotations: {}
|
|
name: ""
|
|
|
|
# Pod security context
|
|
podSecurityContext: {} |