apiVersion: apps/v1
kind: Deployment
metadata:
  name: bind-hidden-primary
spec:
  replicas: 1
  selector:
    matchLabels:
      app: bind-hidden-primary
  template:
    metadata:
      labels:
        app: bind-hidden-primary
    spec:
      containers:
        - name: bind
          image: %IMAGE%
          ports:
            - name: dns-tcp
              containerPort: 8053
              protocol: TCP
            - name: dns-udp
              containerPort: 8053
              protocol: UDP
          volumeMounts:
            - name: bind-zones
              mountPath: /etc/named/zones
            - name: transfer-key-secret
              mountPath: /etc/named/keys
              readOnly: true
          resources:
            requests:
              memory: "128Mi"
              cpu: "100m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          livenessProbe:
            tcpSocket:
              port: 8053
            initialDelaySeconds: 30
            periodSeconds: 10
          readinessProbe:
            tcpSocket:
              port: 8053
            initialDelaySeconds: 5
            periodSeconds: 5
      volumes:
        - name: bind-zones
          persistentVolumeClaim:
            claimName: bind-hidden-primary-zones
        - name: transfer-key-secret
          secret:
            secretName: transfer-key
---
apiVersion: v1
kind: Service
metadata:
  name: bind-hidden-primary
spec:
  type: LoadBalancer
  selector:
    app: bind-hidden-primary
  ports:
    - name: dns-tcp
      port: 8053
      targetPort: 8053
      protocol: TCP
    - name: dns-udp
      port: 8053
      targetPort: 8053
      protocol: UDP
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: bind-hidden-primary-zones
  labels:
    app: bind-hidden-primary
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi