k8s-gateway
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
image:
2
registry: cgr.dev
3
repository: chainguard-private/k8s_gateway
4
tag: latest@sha256:07f4a668d7d94911228cfce06e7a9553a42a983ad890afb45c3cd90942aeafae
5
pullPolicy: IfNotPresent
6
# Reference to one or more secrets to be used when pulling images.
7
# For more information, see [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/).
8
#
9
# For example:
10
# imagePullSecrets:
11
# - name: "image-pull-secret"
12
imagePullSecrets: []
13
# Delegated domain
14
domain: ""
15
# Optional scheme for DNS server (e.g., "tls://", "https://", "grpc://")
16
# Used to enable DoT (DNS over TLS), DoH (DNS over HTTPS), or gRPC protocols
17
# Leave empty for standard DNS
18
# See: https://coredns.io/plugins/tls/
19
scheme: ""
20
# Labels to apply to all resources
21
customLabels: {}
22
# Annotations to apply to pods
23
podAnnotations: {}
24
# TTL for non-apex responses (in seconds)
25
ttl: 300
26
# Resources (CPU, memory etc)
27
resources: {}
28
# Limit what kind of resources to watch, e.g. watchedResources: ["Ingress"]
29
watchedResources: ["Ingress", "Service"]
30
filters:
31
ingressClasses: []
32
gatewayClasses: []
33
serviceLabelSelectors: []
34
# Service name of a secondary DNS server (should be `serviceName.namespace`)
35
secondary: ""
36
# Enabled fallthrough for k8s_gateway
37
fallthrough:
38
enabled: false
39
zones: []
40
# Override the default `serviceName.namespace` domain apex
41
apex: ""
42
# Optional configuration option for DNS01 challenge that will redirect all acme
43
# challenge requests to external cloud domain (e.g. managed by cert-manager)
44
# See: https://cert-manager.io/docs/configuration/acme/dns01/
45
dnsChallenge:
46
enabled: false
47
domain: dns01.clouddns.com
48
# Optional plugins that will be enabled in the zone, e.g. "forward . /etc/resolve.conf"
49
extraZonePlugins:
50
- name: log
51
- name: errors
52
# Serves a /health endpoint on :8080, required for livenessProbe
53
- name: health
54
configBlock: |-
55
lameduck 5s
56
# Serves a /ready endpoint on :8181, required for readinessProbe
57
- name: ready
58
# Serves a /metrics endpoint on :9153, required for serviceMonitor
59
- name: prometheus
60
parameters: 0.0.0.0:9153
61
- name: forward
62
parameters: . /etc/resolv.conf
63
- name: loop
64
- name: reload
65
- name: loadbalance
66
# Example TLS configuration (requires scheme: "tls://" and TLS certificates)
67
# - name: tls
68
# parameters: /etc/coredns/tls/tls.crt /etc/coredns/tls/tls.key
69
# configBlock: |-
70
# client_auth {
71
# type request
72
# }
73
74
serviceAccount:
75
create: true
76
name: ""
77
annotations: {}
78
service:
79
type: LoadBalancer
80
port: 53
81
annotations: {}
82
labels: {}
83
# nodePort: 30053
84
# loadBalancerIP: 192.168.1.2
85
# loadBalancerClass:
86
# clusterIP: 10.43.0.53
87
# externalTrafficPolicy: Local
88
# externalIPs:
89
# - 192.168.1.3
90
# One of SingleStack, PreferDualStack, or RequireDualStack.
91
# ipFamilyPolicy: SingleStack
92
# List of IP families (e.g. IPv4 and/or IPv6).
93
# ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
94
# ipFamilies:
95
# - IPv4
96
# - IPv6
97
useTcp: false
98
nodeSelector: {}
99
tolerations: []
100
topologySpreadConstraints: []
101
affinity: {}
102
replicaCount: 1
103
# Optional PriorityClass that will be used in the Deployment, e.g. priorityClassName: "system-cluster-critical"
104
priorityClassName: ""
105
debug:
106
enabled: false
107
secure: true
108
podSecurityContext: {}
109
securityContext: {}
110
# file plugin
111
zoneFiles: []
112
# - filename: example.db
113
# # Optional
114
# domains: example.com
115
# fallthrough:
116
# enabled: true
117
# zones:
118
# - test.example.com
119
# reload: 1m
120
# contents: |
121
# example.com. IN SOA sns.dns.icann.com. noc.dns.icann.com. 2015082541 7200 3600 1209600 3600
122
# example.com. IN NS b.iana-servers.net.
123
# example.com. IN NS a.iana-servers.net.
124
# example.com. IN A 192.168.99.102
125
# *.example.com. IN A 192.168.99.102
126
127
extraVolumes: []
128
# extraVolumes:
129
# - name: tsig-secret
130
# secret:
131
# secretName: tsig-secret
132
extraVolumeMounts: []
133
# extraVolumeMounts:
134
# - name: tsig-volume
135
# mountPath: /etc/tsig
136
# subPath: tsig.key
137
# readOnly: true
138
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.