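# acme-dns stack: ConfigMap (config.cfg), a local PersistentVolume and claim
# for the SQLite database, the Deployment, a Service for the HTTP API, two
# MetalLB LoadBalancer Services for DNS (TCP and UDP) and an nginx Ingress
# for the API host.
#
# Client registration record as returned by the acme-dns API. The password is
# an API credential for the subdomain below and was committed here in clear
# text; it is redacted in this copy. Treat the original value as exposed:
# re-register or rotate it, and keep the record in a Secret or in the ACME
# client's own credential store rather than in a manifest.
#{
#    "infoklinika.ru": {
#        "username":"8aeaadb6-1dcc-495a-899b-00519a76aacf",
#        "password":"<REDACTED - keep in a Secret, not in this file>",
#        "fulldomain":"d3747323-b9d9-4112-8db4-90b4f7bd62ed.auth.infoklinika.ru",
#        "subdomain":"d3747323-b9d9-4112-8db4-90b4f7bd62ed",
#        "allowfrom":[]
#    }
#}
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: acme-cfg
# NOTE(review): settings inside config.cfg to revisit, since the API is
# published through the Ingress at the end of this file:
#   - disable_registration = false: anyone who can reach the API can create
#     accounts; set it to true once the required accounts exist.
#   - tls = "none" on port 80: API credentials travel unencrypted unless TLS
#     is terminated in front of the pod (the Ingress has no tls section).
#   - corsorigins = ["*"]: browser calls are accepted from any origin.
#   - use_header = false: behind a proxy the API sees the proxy address, so
#     an allowfrom restriction would match the proxy, not the client.
#     Presumably harmless while allowfrom is empty - confirm before use.
#   - debug = true and loglevel = "debug": verbose output goes to stdout;
#     confirm that is acceptable for the log pipeline.
data:
  config.cfg: |
    [general]
    listen = ":53"
    protocol = "both"
    domain = "auth.infoklinika.ru"
    nsname = "nsauth.infoklinika.ru"
    nsadmin = "admin.infoklinika.ru"
    records = [
        "nsauth.infoklinika.ru. A 95.131.180.106",
        "auth.infoklinika.ru. NS nsauth.infoklinika.ru.",
    ]
    debug = true

    [database]
    engine = "sqlite3"
    connection = "/var/lib/acme-dns/acme-dns.db"

    [api]
    api_domain = ""
    disable_registration = false
    #autocert_port = "80"
    ip = ""
    port = "80"
    tls = "none"
    corsorigins = [
        "*"
    ]
    use_header = false
    header_name = "X-Forwarded-For"

    [logconfig]
    loglevel = "debug"
    logtype = "stdout"
    logformat = "text"
---
# Statically provisioned local volume that backs the acme-dns SQLite database.
# NOTE(review): the node affinity below matches every Linux node, so the pod
# may mount this path on whichever node it lands on; that is only safe if the
# device is never mounted from two nodes at once - confirm.
# NOTE(review): reclaim policy Delete applies to the only copy of the account
# database; Retain is the usual choice when the data must outlive the claim.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: acme-db
  labels:
    purpose: acme-db
spec:
  accessModes:
    - ReadWriteOnce
  capacity:
    storage: 100Mi
  local:
    path: /dev/shared-iscsi/acme-dns
    fsType: xfs
  nodeAffinity:
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/os
              operator: In
              values:
                - linux
  persistentVolumeReclaimPolicy: Delete
  storageClassName: local-storage
  volumeMode: Filesystem
---
# Claim bound to the volume above through the purpose=acme-db label selector.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: acme-db
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 100Mi
  selector:
    matchLabels:
      purpose: acme-db
  storageClassName: local-storage
---
# Single-replica acme-dns server: HTTP API on 80, DNS on 53 (TCP and UDP).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: acme-dns
spec:
  selector:
    matchLabels:
      app: acme-dns
  replicas: 1
  # Added: stop the old pod before starting its replacement. The default
  # rolling update would briefly run two pods against the same SQLite file
  # on the ReadWriteOnce volume.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: acme-dns
    spec:
      containers:
        - name: acme-dns
          # NOTE(review): ":latest" is a mutable tag, so every restart can
          # pull a different build. Pin a release tag or an image digest
          # that has been reviewed.
          # NOTE(review): no securityContext or resource limits are set; the
          # process binds ports 53 and 80, so check what the image needs
          # before tightening privileges.
          image: joohoi/acme-dns:latest
          ports:
            - containerPort: 80
            - containerPort: 53
            - containerPort: 53
              protocol: UDP
          volumeMounts:
            - mountPath: /etc/acme-dns
              name: acme-cfg
            - mountPath: /var/lib/acme-dns
              name: acme-db
      volumes:
        - name: acme-cfg
          configMap:
            name: acme-cfg
        - name: acme-db
          persistentVolumeClaim:
            claimName: acme-db
---
# In-cluster Service for the HTTP API; the Ingress below routes to it.
apiVersion: v1
kind: Service
metadata:
  name: acme-http
spec:
  ports:
    - port: 80
  selector:
    app: acme-dns
---
# DNS over TCP. Shares the MetalLB address with the UDP Service below through
# the allow-shared-ip key.
apiVersion: v1
kind: Service
metadata:
  name: acme-dns
  annotations:
    metallb.universe.tf/allow-shared-ip: nginx-ingress
spec:
  ports:
    - name: dns-tcp
      port: 53
  selector:
    app: acme-dns
  type: LoadBalancer
  loadBalancerIP: 192.168.201.130
---
# DNS over UDP on the same shared MetalLB address.
apiVersion: v1
kind: Service
metadata:
  name: acme-dns-udp
  annotations:
    metallb.universe.tf/allow-shared-ip: nginx-ingress
spec:
  ports:
    - name: dns-udp
      port: 53
      protocol: UDP
  selector:
    app: acme-dns
  type: LoadBalancer
  loadBalancerIP: 192.168.201.130
---
# Publishes the acme-dns HTTP API on nsauth.infoklinika.ru.
# NOTE(review): there is no tls section, so registration and update calls
# (which carry the API credential in request headers) are served over plain
# HTTP. Add a certificate and a tls block, and consider limiting which
# sources may reach this host.
# NOTE(review): extensions/v1beta1 Ingress is not served from Kubernetes 1.22
# onward. networking.k8s.io/v1 needs pathType and the service.name /
# service.port backend form; migrate when the cluster version allows.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
    - host: nsauth.infoklinika.ru
      http:
        paths:
          - path: /
            backend:
              serviceName: acme-http
              servicePort: 80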