From f51b1fac42ef0e74a4d148d6fbf3f6879f58488a Mon Sep 17 00:00:00 2001
From: Alex Szakaly <alex.szakaly@gmail.com>
Date: Sun, 22 Mar 2026 12:28:29 +0100
Subject: [PATCH] chore: add dns config and dns policy settings support to
 deployment

Expose DNS config and DNS policy in the pod template values.
Set the default DNS policy to ClusterFirst to preserve existing
Helm chart behavior and avoid breaking changes.

Signed-off-by: Alex Szakaly <alex.szakaly@gmail.com>
---
 templates/deployment.yml   |  7 ++++++-
 tests/deployment_test.yaml | 43 ++++++++++++++++++++++++++++++++++++++
 values.yaml                | 18 ++++++++++++++++
 3 files changed, 67 insertions(+), 1 deletion(-)

diff --git a/templates/deployment.yml b/templates/deployment.yml
index bcf182a..b792fb7 100644
--- a/templates/deployment.yml
+++ b/templates/deployment.yml
@@ -210,7 +210,12 @@ spec:
         {{- if .Values.sidecars }}
         {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
         {{- end }}
-      dnsPolicy: ClusterFirst
+      {{- if .Values.dnsConfig }}
+      dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.dnsConfig "context" $) | nindent 12 }}
+      {{- end }}
+      {{- if .Values.dnsPolicy }}
+      dnsPolicy: {{ .Values.dnsPolicy | quote }}
+      {{- end }}
       {{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image) "context" $) | nindent 6 }}
       volumes:
         - name: {{ .Release.Name }}-etc
diff --git a/tests/deployment_test.yaml b/tests/deployment_test.yaml
index def1485..a15515e 100644
--- a/tests/deployment_test.yaml
+++ b/tests/deployment_test.yaml
@@ -45,3 +45,46 @@ tests:
       - equal:
           path: spec.maxReplicas
           value: 5
+
+  - it: should omit dnsConfig by default
+    template: deployment.yml
+    asserts:
+      - notExists:
+          path: spec.template.spec.dnsConfig
+
+  - it: should render dnsConfig options when specified via values
+    template: deployment.yml
+    set:
+      dnsConfig:
+        options:
+          - name: ndots
+            value: "1"
+        searches:
+          - cluster.home.arpa
+          - home.arpa
+    asserts:
+      - equal:
+          path: spec.template.spec.dnsConfig
+          value:
+            options:
+              - name: ndots
+                value: "1"
+            searches:
+              - cluster.home.arpa
+              - home.arpa
+
+  - it: should render dnsPolicy by default
+    template: deployment.yml
+    asserts:
+      - equal:
+          path: spec.template.spec.dnsPolicy
+          value: ClusterFirst
+
+  - it: should render dnsPolicy when specified via values
+    template: deployment.yml
+    set:
+      dnsPolicy: ClusterFirstWithHostNet
+    asserts:
+      - equal:
+          path: spec.template.spec.dnsPolicy
+          value: ClusterFirstWithHostNet
diff --git a/values.yaml b/values.yaml
index 83c98c1..ce08303 100644
--- a/values.yaml
+++ b/values.yaml
@@ -281,6 +281,24 @@ disruptionBudget:
 ## @param environment [array] Extra env vars passed to the Stream pods
 environment: []
 
+## Pod's DNS Configuration
+## https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config
+## This value is useful if you need to resolve your custom domain for ACME challenges
+## Example:
+##  nameservers:
+##    - 1.2.3.4
+##  searches:
+##    - ns1.svc.cluster-domain.example
+##    - my.dns.search.suffix
+##  options:
+##    - name: ndots
+##      value: "2"
+dnsConfig: {}
+
+# Pod's DNS Policy
+# https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
+dnsPolicy: ClusterFirst
+
 ## @section Stream Service configuration
 ##
 service: