2021-11-28 10:16:31 +00:00
|
|
|
# Default values for squid.
|
|
|
|
|
# This is a YAML-formatted file.
|
|
|
|
|
# Declare variables to be passed into your templates.
|
|
|
|
|
|
|
|
|
|
replicaCount: 1
|
|
|
|
|
|
|
|
|
|
image:
|
2022-12-10 11:40:08 +00:00
|
|
|
repository: lib42/squid
|
|
|
|
|
tag: latest
|
|
|
|
|
pullPolicy: Always
|
2021-11-28 10:16:31 +00:00
|
|
|
# imagePullSecrets:
|
|
|
|
|
|
|
|
|
|
service:
|
|
|
|
|
type: ClusterIP
|
|
|
|
|
#loadBalancerSourceRanges: ""
|
|
|
|
|
#loadBalancerIP: ""
|
|
|
|
|
port: 80
|
|
|
|
|
# annotations: {}
|
|
|
|
|
|
|
|
|
|
ingress:
|
|
|
|
|
enabled: true
|
2022-02-20 15:52:14 +00:00
|
|
|
annotations:
|
|
|
|
|
cert-manager.io/cluster-issuer: vault-issuer
|
|
|
|
|
traefik.ingress.kubernetes.io/router.tls: 'true'
|
2021-11-28 10:16:31 +00:00
|
|
|
path: /
|
|
|
|
|
hosts:
|
|
|
|
|
- proxy.dc
|
2022-02-20 15:52:14 +00:00
|
|
|
tls:
|
|
|
|
|
- secretName: proxy-tls
|
|
|
|
|
hosts:
|
|
|
|
|
- proxy.dc
|
2021-11-28 10:16:31 +00:00
|
|
|
|
|
|
|
|
config: |
|
|
|
|
|
acl SSL_ports port 443
|
|
|
|
|
acl Safe_ports port 80 # http
|
|
|
|
|
acl Safe_ports port 443 # https
|
|
|
|
|
acl CONNECT method CONNECT
|
|
|
|
|
|
|
|
|
|
acl restricted_destination_subnetworks dst 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
|
|
|
|
|
|
|
|
|
|
# Recommended minimum Access Permission configuration:
|
|
|
|
|
#
|
|
|
|
|
# Deny requests to certain unsafe ports
|
|
|
|
|
http_access deny !Safe_ports
|
|
|
|
|
|
|
|
|
|
# Only allow cachemgr access from localhost
|
|
|
|
|
http_access allow localhost manager
|
|
|
|
|
http_access deny manager
|
|
|
|
|
|
|
|
|
|
http_access deny restricted_destination_subnetworks
|
|
|
|
|
|
|
|
|
|
# Squid normally listens to port 3128
|
|
|
|
|
http_port 3128
|
|
|
|
|
|
|
|
|
|
# Uncomment and adjust the following to add a disk cache directory.
|
|
|
|
|
#cache_dir ufs /var/cache/squid 100 16 256
|
|
|
|
|
|
|
|
|
|
# Leave coredumps in the first cache dir
|
|
|
|
|
coredump_dir /var/cache/squid
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Add any of your own refresh_pattern entries above these.
|
|
|
|
|
#
|
|
|
|
|
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
|
|
|
|
|
refresh_pattern . 0 20% 4320
|
|
|
|
|
|
|
|
|
|
# Do not display squid version
|
|
|
|
|
httpd_suppress_version_string on
|
|
|
|
|
|
|
|
|
|
|
2022-12-10 11:40:08 +00:00
|
|
|
resources:
|
|
|
|
|
limits:
|
|
|
|
|
cpu: 500m
|
|
|
|
|
memory: 512Mi
|
2021-11-28 10:16:31 +00:00
|
|
|
|
|
|
|
|
metrics:
|
|
|
|
|
enabled: false
|
|
|
|
|
serviceMonitor: false
|
|
|
|
|
exporter:
|
|
|
|
|
port: 9301
|
|
|
|
|
resources: {}
|
|
|
|
|
image:
|
|
|
|
|
repository: boynux/squid-exporter
|
2022-01-02 16:57:53 +00:00
|
|
|
tag: v1.9
|
2021-11-28 10:16:31 +00:00
|
|
|
pullPolicy: IfNotPresent
|
2022-12-10 11:40:08 +00:00
|
|
|
|
|
|
|
|
podSecurityContext:
|
|
|
|
|
runAsUser: 31
|
|
|
|
|
runAsGroup: 31
|
|
|
|
|
fsGroup: 31
|
|
|
|
|
|
|
|
|
|
securityContext:
|
|
|
|
|
runAsNonRoot: true
|
|
|
|
|
privileged: false
|
|
|
|
|
readOnlyRootFilesystem: false
|
|
|
|
|
allowPrivilegeEscalation: false
|
|
|
|
|
capabilities:
|
|
|
|
|
drop:
|
|
|
|
|
- ALL
|
