mirror of
https://github.com/nold360/hive-apps
synced 2024-12-23 14:11:13 +00:00
102 lines
2.4 KiB
YAML
102 lines
2.4 KiB
YAML
# Default values for squid.
|
|
# This is a YAML-formatted file.
|
|
# Declare variables to be passed into your templates.
|
|
|
|
replicaCount: 1
|
|
|
|
image:
|
|
repository: honestica/squid
|
|
tag: 4-f9839050-1344-48d2-981a-b73e4541e193
|
|
pullPolicy: IfNotPresent
|
|
# imagePullSecrets:
|
|
|
|
service:
|
|
type: ClusterIP
|
|
# Specify IP to whitelist if needed
|
|
#loadBalancerSourceRanges: ""
|
|
# Specify external IP if needed
|
|
#loadBalancerIP: ""
|
|
port: 80
|
|
# annotations: {}
|
|
|
|
ingress:
|
|
enabled: true
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: vault-issuer
|
|
traefik.ingress.kubernetes.io/router.tls: 'true'
|
|
path: /
|
|
hosts:
|
|
- proxy.dc
|
|
tls:
|
|
- secretName: proxy-tls
|
|
hosts:
|
|
- proxy.dc
|
|
|
|
config: |
|
|
acl SSL_ports port 443
|
|
acl Safe_ports port 80 # http
|
|
acl Safe_ports port 443 # https
|
|
acl CONNECT method CONNECT
|
|
|
|
acl restricted_destination_subnetworks dst 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
|
|
|
|
# Recommended minimum Access Permission configuration:
|
|
#
|
|
# Deny requests to certain unsafe ports
|
|
http_access deny !Safe_ports
|
|
|
|
# Only allow cachemgr access from localhost
|
|
http_access allow localhost manager
|
|
http_access deny manager
|
|
|
|
http_access deny restricted_destination_subnetworks
|
|
|
|
# Squid normally listens to port 3128
|
|
http_port 3128
|
|
|
|
# Uncomment and adjust the following to add a disk cache directory.
|
|
#cache_dir ufs /var/cache/squid 100 16 256
|
|
|
|
# Leave coredumps in the first cache dir
|
|
coredump_dir /var/cache/squid
|
|
|
|
#
|
|
# Add any of your own refresh_pattern entries above these.
|
|
#
|
|
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
|
|
refresh_pattern . 0 20% 4320
|
|
|
|
# Do not display squid version
|
|
httpd_suppress_version_string on
|
|
|
|
|
|
resources: {}
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
# limits:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
# requests:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
nodeSelector: {}
|
|
|
|
tolerations: []
|
|
|
|
affinity: {}
|
|
|
|
releaseAntiAffinity: true
|
|
|
|
metrics:
|
|
enabled: false
|
|
serviceMonitor: false
|
|
exporter:
|
|
port: 9301
|
|
resources: {}
|
|
image:
|
|
repository: boynux/squid-exporter
|
|
tag: v1.9
|
|
pullPolicy: IfNotPresent
|