# see: https://github.com/ori-edge/k8s_gateway/blob/master/examples/install-clusterwide.yml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: excoredns
  namespace: networking
---
# Source: coredns/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: excoredns
  namespace: networking
data:
  Corefile: |-
    .:53 {
        errors
        log
        ready
        k8s_gateway ${SECRET_CLUSTER_DOMAIN}
        {
          resources Ingress Service
          ttl 10
          apex dns1
        }
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
---
# Source: coredns/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: excoredns
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - namespaces
    verbs:
      - list
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingresses
    verbs:
      - list
      - watch
---
# Source: coredns/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: excoredns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: excoredns
subjects:
  - kind: ServiceAccount
    name: excoredns
    namespace: networking
---
apiVersion: v1
kind: Service
metadata:
  name: external-dns
  namespace: networking
spec:
  selector:
    k8s-app: "excoredns"
  ports:
    - name: udp-53
      port: 53
      protocol: UDP
  type: LoadBalancer
  externalIPs:
    - ${CLUSTER_LB_K8SGATEWAY}
  externalTrafficPolicy: Local
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: excoredns
  namespace: networking
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: "excoredns"
  template:
    metadata:
      labels:
        k8s-app: "excoredns"
    spec:
      serviceAccountName: excoredns
      dnsPolicy: ClusterFirst
      containers:
        - name: "coredns"
          image: "quay.io/oriedge/k8s_gateway:v0.1.5"
          imagePullPolicy: IfNotPresent
          args: ["-conf", "/etc/coredns/Corefile"]
          volumeMounts:
            - name: config-volume
              mountPath: /etc/coredns
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
          ports:
            - { containerPort: 53, protocol: UDP, name: udp-53 }
            - { containerPort: 53, protocol: TCP, name: tcp-53 }
      volumes:
        - name: config-volume
          configMap:
            name: excoredns
            items:
              - key: Corefile
                path: Corefile