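---
# Namespace for the BIND resources below. Every resource in this file and the
# in-cluster name used by the secondaries (bind-master.dns.svc.cluster.local)
# refer to the "dns" namespace, so that is the namespace created here.
apiVersion: v1
kind: Namespace
metadata:
  name: dns
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: bind-master-config
  namespace: dns
data:
  # Primary server configuration. Key files are mounted by the bind-master
  # Deployment under /etc/bind, so the include paths must point there.
  named.conf: |
    options {
      directory "/var/cache/bind";
      // NOTE(review): recursion is enabled and queries are accepted from any
      // source; if this server is reachable from outside the cluster, restrict
      // allow-recursion to the client networks that need it.
      recursion yes;
      allow-query { any; };
      listen-on port 53 { any; };
      listen-on-v6 port 53 { any; };
      forwarders { 10.40.0.254; };
      // Zone transfers are authorised by TSIG key rather than by source
      // network: the secondaries sign their requests with bind-slave-key
      // (see bind-slave-config), so the same key must be defined here.
      allow-transfer { key "bind-slave-key"; };
      dnssec-validation auto;
    };

    // Key definitions are top-level statements, so the includes sit outside
    // options {}. Paths match the Deployment's volumeMounts.
    // NOTE(review): assumes tsig-key.conf defines key "bind-slave-key" and
    // externaldns-key.conf defines key "externaldns-key" - confirm.
    include "/etc/bind/externaldns-key.conf";
    include "/etc/bind/tsig-key.conf";

    zone "." IN {
      type hint;
      file "/usr/share/dns/root.hints";
    };

    zone "hxme.net." IN {
      type master;
      file "/etc/bind/db.hxme.net";
      allow-update { key "externaldns-key"; };
    };
  # NOTE(review): this file is mounted read-only from the ConfigMap; dynamic
  # updates (allow-update above) need a writable zone file and journal.
  # Confirm how updates are expected to persist across restarts.
  db.hxme.net: |
    $TTL 3600
    @       IN  SOA  ns1.hxme.net. admin.hxme.net. (
                1         ; Serial
                7200      ; Refresh
                1800      ; Retry
                1209600   ; Expire
                86400 )   ; Negative Cache TTL
    ;
    @       IN  NS   ns1.hxme.net.
    ns1     IN  A    10.40.0.110
    @       IN  A    10.40.0.110
    www     IN  A    10.40.0.110
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: bind-slave-config
  namespace: dns
data:
  # Secondary server configuration. The TSIG key file is mounted by the
  # bind-slave DaemonSet at /etc/bind/tsig-key.conf.
  named.conf: |
    options {
      directory "/var/cache/bind";
      // NOTE(review): these pods are exposed through the bind9 LoadBalancer
      // Service; with recursion enabled for any source they act as open
      // recursive resolvers. Restrict allow-recursion to trusted networks.
      recursion yes;
      allow-query { any; };
      listen-on port 53 { any; };
      listen-on-v6 port 53 { any; };
      dnssec-validation auto;
    };

    // Key statement is top-level; path matches the DaemonSet's volumeMount.
    include "/etc/bind/tsig-key.conf";

    // Secondary copy of the zone served by bind-master (the primary only
    // serves hxme.net.). Transfer requests are signed with bind-slave-key.
    zone "hxme.net." IN {
      type slave;
      // NOTE(review): BIND expects IP addresses in a masters list; confirm the
      // running version accepts a hostname here, otherwise use the ClusterIP
      // of the bind-master Service.
      masters { bind-master.dns.svc.cluster.local key bind-slave-key; };
      // Relative to the options directory; the slaves/ subdirectory must
      // exist and be writable in the container image - confirm.
      file "slaves/hxme.net.db";
    };
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: bind-master
  namespace: dns
spec:
  replicas: 1
  selector:
    matchLabels:
      app: bind-master
  template:
    metadata:
      labels:
        app: bind-master
    spec:
      containers:
        - name: bind-master
          image: internetsystemsconsortium/bind9:9.18
          ports:
            - containerPort: 53
              protocol: UDP
            - containerPort: 53
              protocol: TCP
          volumeMounts:
            - name: config
              mountPath: /etc/bind/named.conf
              subPath: named.conf
            - name: config
              mountPath: /etc/bind/db.hxme.net
              subPath: db.hxme.net
            # Key referenced by allow-update in named.conf.
            - name: dns-secrets
              mountPath: /etc/bind/externaldns-key.conf
              subPath: externaldns-key.conf
              readOnly: true
            # Same TSIG key the secondaries sign zone transfers with; the
            # primary must know it to accept those transfers.
            - name: bind-slave-key
              mountPath: /etc/bind/tsig-key.conf
              subPath: tsig-key.conf
              readOnly: true
      volumes:
        - name: config
          configMap:
            name: bind-master-config
        - name: dns-secrets
          secret:
            secretName: dns-secrets
        - name: bind-slave-key
          secret:
            secretName: bind-slave-key
---
# In-cluster endpoint the secondaries use to reach the primary
# (bind-master.dns.svc.cluster.local in bind-slave-config). ClusterIP only:
# the primary is not published outside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: bind-master
  namespace: dns
spec:
  type: ClusterIP
  selector:
    app: bind-master
  ports:
    - name: dns-udp
      port: 53
      targetPort: 53
      protocol: UDP
    - name: dns-tcp
      port: 53
      targetPort: 53
      protocol: TCP
---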
# One secondary resolver per node; these pods back the bind9 Service.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: bind-slave
  namespace: dns
spec:
  selector:
    matchLabels:
      app: bind-slave
  template:
    metadata:
      labels:
        app: bind-slave
    spec:
      containers:
        - name: bind9
          image: internetsystemsconsortium/bind9:9.18
          ports:
            - containerPort: 53
              protocol: UDP
            - containerPort: 53
              protocol: TCP
          volumeMounts:
            # named.conf taken from the bind-slave-config ConfigMap.
            - name: config
              mountPath: /etc/bind/named.conf
              subPath: named.conf
            # TSIG key file the secondary uses to sign zone transfers.
            - name: bind-slave-key
              mountPath: /etc/bind/tsig-key.conf
              subPath: tsig-key.conf
      volumes:
        - name: config
          configMap:
            name: bind-slave-config
        - name: bind-slave-key
          secret:
            secretName: bind-slave-key
---
# Externally reachable DNS endpoint; it fronts the bind-slave pods only.
# NOTE(review): the secondaries answer recursive queries from any source (see
# bind-slave-config), so this LoadBalancer publishes an open resolver unless
# the load balancer or a network policy limits who can reach port 53.
apiVersion: v1
kind: Service
metadata:
  name: bind9
  namespace: dns
spec:
  type: LoadBalancer
  selector:
    app: bind-slave
  ports:
    - name: dns-udp
      port: 53
      targetPort: 53
      protocol: UDP
    - name: dns-tcp
      port: 53
      targetPort: 53
      protocol: TCP