---
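apiVersion: v1
kind: ConfigMap
metadata:
  name: bind-secondary-config-local
  # Pinned to the namespace of the StatefulSet that projects this ConfigMap.
  # Without it the object lands in whatever namespace the apply context
  # selects, and the pod in `bind` would not see these zones.
  namespace: bind
data:
  # Additional secondary zones, read by named through the
  # `include "/etc/bind/named.conf.local";` line of the main named.conf.
  # Each zone is transferred from 172.20.0.2 and the transfer is authenticated
  # with the TSIG key named "readonly". The key itself is not defined here.
  # TSIG authenticates the transfer; it does not encrypt it.
  named.conf.local: |
    zone "codemowers.ee" { type slave; masters { 172.20.0.2 key readonly; }; };
    zone "codemowers.eu" { type slave; masters { 172.20.0.2 key readonly; }; };
    zone "codemowers.cloud" { type slave; masters { 172.20.0.2 key readonly; }; };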
---
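apiVersion: v1
kind: ConfigMap
metadata:
  name: bind-secondary-config
  # Pinned to the namespace of the StatefulSet that projects this ConfigMap.
  # Without it the object lands in whatever namespace the apply context
  # selects, and the pod in `bind` would fail to mount its configuration.
  namespace: bind
data:
  # Main configuration of the secondary (authoritative-only) name servers.
  #
  # - recursion no: the server answers only for the zones it holds.
  # - allow-query { 0.0.0.0/0; }: any IPv4 client may query. The ACL does not
  #   match IPv6 sources, so IPv6 clients would be refused.
  # - allow-notify { 172.20.0.2; }: NOTIFY is accepted from that address only.
  #   The check is by source address, so it relies on the client IP reaching
  #   the pod unmodified.
  # - allow-transfer { none; }: nobody may pull zones from the secondaries.
  # - notify no: the secondaries send no NOTIFY messages of their own.
  # - Every zone is transferred from 172.20.0.2 with the TSIG key "readonly".
  #   TSIG authenticates the transfer; it does not encrypt it.
  #
  # /etc/bind/readonly.key is expected to define that key; the StatefulSet
  # projects the Secret bind-readonly-secret into /etc/bind (presumably under
  # that file name - confirm against the Secret).
  #
  # NOTE(review): named.conf.local is included unconditionally, while the
  # ConfigMap that provides it is projected with `optional: true`. If that
  # ConfigMap is absent the include target is missing and named is expected
  # to refuse the configuration - confirm, or ship an empty file.
  # NOTE(review): `slave` / `masters` are the legacy spellings of
  # `secondary` / `primaries`; check they are still accepted by the deployed
  # BIND release before upgrading the image.
  named.conf: |
    include "/etc/bind/named.conf.local";
    include "/etc/bind/readonly.key";
    options {
        recursion no;
        pid-file "/var/bind/named.pid";
        allow-query { 0.0.0.0/0; };
        allow-notify { 172.20.0.2; };
        allow-transfer { none; };
        check-names slave ignore;
        notify no;
    };
    zone "k-space.ee" { type slave; masters { 172.20.0.2 key readonly; }; };
    zone "k6.ee" { type slave; masters { 172.20.0.2 key readonly; }; };
    zone "kspace.ee" { type slave; masters { 172.20.0.2 key readonly; }; };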
---
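apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: bind-secondary
  namespace: bind
spec:
  # Three BIND secondaries. The StatefulSet gives each pod a stable name
  # (bind-secondary-0..2).
  # NOTE(review): no serviceName is set; confirm the target API version
  # accepts a StatefulSet without a governing Service.
  replicas: 3
  selector:
    matchLabels:
      app: bind-secondary
  template:
    metadata:
      labels:
        app: bind-secondary
    spec:
      containers:
        - name: bind-secondary
          # Referenced by tag, not by digest: the content behind the tag can
          # change between pulls. NOTE(review): pin a digest for reproducible,
          # reviewable rollouts.
          image: internetsystemsconsortium/bind9:9.20
          workingDir: /var/bind
          # -g keeps named in the foreground and logs to stderr; -c selects
          # the configuration file. No -u is passed and no securityContext is
          # set, so named keeps the identity the container starts with.
          # NOTE(review): presumably root with this image - confirm, then add
          # a securityContext (non-root user, dropped capabilities apart from
          # what binding port 53 needs, allowPrivilegeEscalation: false).
          command:
            - named
            - -g
            - -c
            - /etc/bind/named.conf
          # The original manifest declared `volumeMounts` twice in this
          # container. Duplicate mapping keys are invalid YAML: lenient
          # parsers keep only the last one (silently dropping the /run/named
          # mount), strict validation rejects the manifest. Merged into one.
          volumeMounts:
            - name: run
              mountPath: /run/named
            - name: bind-secondary-config
              mountPath: /etc/bind
              readOnly: true
            - name: bind-data
              mountPath: /var/bind
      # The original manifest also declared `volumes` twice; merged into one
      # list for the same reason as `volumeMounts` above.
      volumes:
        - name: run
          emptyDir: {}
        # named.conf, the optional named.conf.local and the TSIG key material
        # are projected into a single directory mounted at /etc/bind.
        # The Secret's files get the projected volume's default file mode.
        # NOTE(review): set a tighter defaultMode once the runtime user of
        # named is confirmed.
        - name: bind-secondary-config
          projected:
            sources:
              - configMap:
                  name: bind-secondary-config
              # NOTE(review): optional here, but named.conf includes
              # /etc/bind/named.conf.local unconditionally.
              - configMap:
                  name: bind-secondary-config-local
                  optional: true
              - secret:
                  name: bind-readonly-secret
        # Working directory and pid-file location; an emptyDir, so nothing
        # stored here survives deletion of the pod.
        - name: bind-data
          emptyDir: {}
      # Hard anti-affinity on the node hostname: at most one replica per
      # node, so three replicas need three schedulable nodes.
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app
                    operator: In
                    values:
                      - bind-secondary
              topologyKey: "kubernetes.io/hostname"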
---
apiVersion: v1
kind: Service
metadata:
  namespace: bind
  name: bind-secondary
spec:
  # Shared entry point for all bind-secondary pods, DNS over TCP and UDP.
  # 62.65.250.2 lies outside the private address ranges, so this is
  # presumably the internet-facing address of the authoritative servers.
  # Exposure is bounded by named.conf (recursion off, transfers refused).
  type: LoadBalancer
  # NOTE(review): loadBalancerIP is deprecated in recent Kubernetes releases;
  # check what the load-balancer implementation in use expects instead.
  loadBalancerIP: "62.65.250.2"
  # Local keeps the client source address intact and delivers traffic only
  # on nodes that host a ready pod. BIND's address-based ACLs and query logs
  # depend on seeing the real source address.
  externalTrafficPolicy: Local
  selector:
    app: bind-secondary
  ports:
    - name: dns-tcp
      protocol: TCP
      port: 53
      targetPort: 53
    - name: dns-udp
      protocol: UDP
      port: 53
      targetPort: 53
---
apiVersion: v1
kind: Service
metadata:
  namespace: bind
  name: bind-secondary-0
spec:
  # Dedicated address for the single pod bind-secondary-0: the pod-name label
  # in the selector narrows the Service to that one replica. 172.20.53.1 is a
  # private address - presumably used by the primary at 172.20.0.2 to reach
  # this secondary individually (confirm against the primary's config).
  type: LoadBalancer
  # NOTE(review): loadBalancerIP is deprecated in recent Kubernetes releases;
  # check what the load-balancer implementation in use expects instead.
  loadBalancerIP: "172.20.53.1"
  # Local keeps the client source address intact, which the
  # `allow-notify { 172.20.0.2; }` ACL in named.conf relies on.
  externalTrafficPolicy: Local
  selector:
    app: bind-secondary
    statefulset.kubernetes.io/pod-name: bind-secondary-0
  ports:
    - name: dns-tcp
      protocol: TCP
      port: 53
      targetPort: 53
    - name: dns-udp
      protocol: UDP
      port: 53
      targetPort: 53
---
apiVersion: v1
kind: Service
metadata:
  namespace: bind
  name: bind-secondary-1
spec:
  # Dedicated address for the single pod bind-secondary-1: the pod-name label
  # in the selector narrows the Service to that one replica. 172.20.53.2 is a
  # private address - presumably used by the primary at 172.20.0.2 to reach
  # this secondary individually (confirm against the primary's config).
  type: LoadBalancer
  # NOTE(review): loadBalancerIP is deprecated in recent Kubernetes releases;
  # check what the load-balancer implementation in use expects instead.
  loadBalancerIP: "172.20.53.2"
  # Local keeps the client source address intact, which the
  # `allow-notify { 172.20.0.2; }` ACL in named.conf relies on.
  externalTrafficPolicy: Local
  selector:
    app: bind-secondary
    statefulset.kubernetes.io/pod-name: bind-secondary-1
  ports:
    - name: dns-tcp
      protocol: TCP
      port: 53
      targetPort: 53
    - name: dns-udp
      protocol: UDP
      port: 53
      targetPort: 53
---
apiVersion: v1
kind: Service
metadata:
  namespace: bind
  name: bind-secondary-2
spec:
  # Dedicated address for the single pod bind-secondary-2: the pod-name label
  # in the selector narrows the Service to that one replica. 172.20.53.3 is a
  # private address - presumably used by the primary at 172.20.0.2 to reach
  # this secondary individually (confirm against the primary's config).
  type: LoadBalancer
  # NOTE(review): loadBalancerIP is deprecated in recent Kubernetes releases;
  # check what the load-balancer implementation in use expects instead.
  loadBalancerIP: "172.20.53.3"
  # Local keeps the client source address intact, which the
  # `allow-notify { 172.20.0.2; }` ACL in named.conf relies on.
  externalTrafficPolicy: Local
  selector:
    app: bind-secondary
    statefulset.kubernetes.io/pod-name: bind-secondary-2
  ports:
    - name: dns-tcp
      protocol: TCP
      port: 53
      targetPort: 53
    - name: dns-udp
      protocol: UDP
      port: 53
      targetPort: 53