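---
# Split-horizon CoreDNS for the `cluster.` zone, published through Traefik.
#   port 53 -> "private" view (db.cluster)
#   port 54 -> "public" view  (db.public.cluster)
# NOTE(review): this manifest was recovered from a flattened copy; the line
# breaks inside the Corefile and zone-file block scalars were reconstructed.
# Diff them against the deployed ConfigMap before applying.
apiVersion: v1
kind: Namespace
metadata:
  name: dns
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: config
  namespace: dns
data:
  # Two listeners, each serving one zone file. Only log/errors/file are
  # loaded; there is no forward or cache plugin, so neither listener recurses
  # on behalf of clients.
  Corefile: |-
    .:53 {
      log
      errors
      file /config/db.cluster
    }
    .:54 {
      log
      errors
      file /config/db.public.cluster
    }
  # Private view: includes the control-plane and private addresses.
  # Lines that start with whitespace inherit the owner name of the record
  # above them (zone-file rule), so the leading indentation is significant.
  db.cluster: |-
    $TTL 1m
    $ORIGIN cluster.
    @ IN SOA cluster. lacbenedek.gmail.com. (
        2025050202 ; serial
        1m ; period
        1m ; retry
        1m ; exp
        1m ; ttl
    )
    cluster. IN A 192.168.123.241
    control.cluster. IN A 192.168.123.1
    private.cluster. IN A 192.168.123.241
                     IN TXT "private dns"
    public.cluster. IN NS public.cluster.
                    IN A 192.168.123.240
  # Public view: only the public.cluster. apex is published here.
  db.public.cluster: |-
    $TTL 1m
    $ORIGIN public.cluster.
    @ IN SOA public.cluster. lacbenedek.gmail.com. (
        2025050202 ; serial
        1m ; period
        1m ; retry
        1m ; exp
        1m ; ttl
    )
    public.cluster. IN A 192.168.123.240
                    IN TXT "public dns"
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: coredns
  namespace: dns
spec:
  replicas: 1
  selector:
    matchLabels:
      app: coredns
  template:
    metadata:
      labels:
        app: coredns
    spec:
      containers:
        - name: coredns
          # NOTE(review): no tag or digest, so this resolves to `latest` and
          # the running binary can change on any pod restart. Pin a reviewed
          # tag or an image digest.
          image: coredns/coredns
          ports:
            - containerPort: 53
              protocol: UDP
            - containerPort: 53
              protocol: TCP
            - containerPort: 54
              protocol: UDP
            - containerPort: 54
              protocol: TCP
          args:
            - -conf=/config/Corefile
          volumeMounts:
            # Corefile and zone data come from the ConfigMap, mounted read-only.
            - mountPath: /config
              name: config
              readOnly: true
          # NOTE(review): no securityContext is set, so the container runs
          # with the image/runtime defaults. Consider a least-privilege
          # context (no privilege escalation, read-only root filesystem,
          # dropped capabilities) after testing that the image can still
          # bind ports 53 and 54 under it.
          resources:
            limits:
              cpu: '1000m'
              memory: '500Mi'
            requests:
              cpu: '10m'
              memory: '10Mi'
      volumes:
        - name: config
          configMap:
            name: config
---
# No `type` is given, so this is a ClusterIP Service; outside reachability
# comes only from the Traefik routes below.
kind: Service
apiVersion: v1
metadata:
  name: dns
  namespace: dns
spec:
  ports:
    - port: 53
      targetPort: 53
      protocol: UDP
      name: dns-udp-private
    - port: 53
      targetPort: 53
      protocol: TCP
      name: dns-tcp-private
    - port: 54
      targetPort: 54
      protocol: UDP
      name: dns-udp-public
    - port: 54
      targetPort: 54
      protocol: TCP
      name: dns-tcp-public
  selector:
    app: coredns
---
# The four routes bind Traefik entry points to the Service ports. The entry
# points themselves live in Traefik's static configuration, which is not part
# of this file.
# NOTE(review): who can reach the private view (port 53) is decided entirely
# by how the dns-*-private entry points are bound and firewalled; verify that
# they are not exposed on an external interface.
apiVersion: traefik.io/v1alpha1
kind: IngressRouteUDP
metadata:
  name: dns-udp-private
  namespace: dns
spec:
  entryPoints:
    - dns-udp-private
  routes:
    - services:
        - name: dns
          port: 53
---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
  name: dns-tcp-private
  namespace: dns
spec:
  entryPoints:
    - dns-tcp-private
  routes:
    # Traefik rule values must be written with backticks or double quotes;
    # single quotes are not accepted by the rule parser, so the original
    # HostSNI('*') is written with backticks here.
    - match: HostSNI(`*`)
      services:
        - name: dns
          port: 53
---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteUDP
metadata:
  name: dns-udp-public
  namespace: dns
spec:
  entryPoints:
    - dns-udp-public
  routes:
    - services:
        - name: dns
          port: 54
---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
  name: dns-tcp-public
  namespace: dns
spec:
  entryPoints:
    - dns-tcp-public
  routes:
    # Backticks, not single quotes: see Traefik's rule syntax.
    - match: HostSNI(`*`)
      services:
        - name: dns
          port: 54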