apiVersion: apps/v1
kind: Deployment
metadata:
  name: gopherhole
  labels:
    app: gopherhole
spec:
  selector:
    matchLabels:
      app: gopherhole
  revisionHistoryLimit: 2
  replicas: 1
  strategy:
    rollingUpdate:
      maxSurge: 100%
  template:
    metadata:
      labels:
        app: gopherhole
    spec:
      restartPolicy: Always
      containers:
        - image: vdhsn/gopherhole:latest
          imagePullPolicy: Always
          name: gopherhole
          env:
            - name: GOPHERHOLE_BIND_ADDRESS
              value: 192.168.0.98
          stdin: true
          tty: true
          resources:
            limits:
              cpu: "512m"
              memory: "512M"
            requests:
              cpu: "512m"
              memory: "512m"
          ports:
            - containerPort: 53
              protocol: UDP
              name: dns-udp
            - containerPort: 53
              protocol: TCP
              name: dns-tcp
            - containerPort: 80
              name: http-sinkhole
          securityContext:
            capabilities:
              add: ["NET_ADMIN", "NET_RAW", "NET_BIND_SERVICE"]
---
apiVersion: v1
kind: Service
metadata:
  name: gopherhole-http
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  externalIPs:
    - 192.168.0.98
  ports:
    - port: 80
      name: web
      protocol: TCP
      targetPort: 80
  selector:
    app: gopherhole
---
apiVersion: v1
kind: Service
metadata:
  name: gopherhole-tcp-dns
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  externalIPs:
    - 192.168.0.98
  ports:
    - port: 53
      name: tcp-dns
      protocol: TCP
  selector:
    app: gopherhole
---
apiVersion: v1
kind: Service
metadata:
  name: gopherhole-udp-dns
spec:
  type: LoadBalancer
  externalIPs:
    - 192.168.0.98
  ports:
    - port: 53
      name: udp-dns
      protocol: UDP
  selector:
    app: gopherhole