---
# Source: external-dns/charts/external-dns-unifi/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns-unifi
  namespace: external-dns
  labels:
    helm.sh/chart: external-dns-unifi-1.19.0
    app.kubernetes.io/name: external-dns-unifi
    app.kubernetes.io/instance: external-dns
    app.kubernetes.io/version: "0.19.0"
    app.kubernetes.io/managed-by: Helm
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: external-dns-unifi
      app.kubernetes.io/instance: external-dns
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: external-dns-unifi
        app.kubernetes.io/instance: external-dns
    spec:
      automountServiceAccountToken: true
      serviceAccountName: external-dns-unifi
      securityContext:
        fsGroup: 65534
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: external-dns
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            privileged: false
            readOnlyRootFilesystem: true
            runAsGroup: 65532
            runAsNonRoot: true
            runAsUser: 65532
          image: registry.k8s.io/external-dns/external-dns:v0.19.0
          imagePullPolicy: IfNotPresent
          args:
            - --log-level=info
            - --log-format=text
            - --interval=1m
            - --source=ingress
            - --source=crd
            - --source=gateway-httproute
            - --source=gateway-tlsroute
            - --policy=sync
            - --registry=txt
            - --txt-owner-id=default
            - --txt-prefix=k8s.
            - --domain-filter=alexlebens.net
            - --provider=webhook
            - --ignore-ingress-tls-spec
          ports:
            - name: http
              protocol: TCP
              containerPort: 7979
          livenessProbe:
            failureThreshold: 2
            httpGet:
              path: /healthz
              port: http
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
          readinessProbe:
            failureThreshold: 6
            httpGet:
              path: /healthz
              port: http
            initialDelaySeconds: 5
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
        - name: webhook
          image: ghcr.io/kashalls/external-dns-unifi-webhook:v0.7.0
          imagePullPolicy: IfNotPresent
          env:
            - name: UNIFI_HOST
              value: https://192.168.1.1
            - name: UNIFI_API_KEY
              valueFrom:
                secretKeyRef:
                  key: api-key
                  name: external-dns-unifi-secret
            - name: LOG_LEVEL
              value: debug
          ports:
            - name: http-webhook
              protocol: TCP
              containerPort: 8080
          livenessProbe:
            failureThreshold: 2
            httpGet:
              path: /healthz
              port: http-webhook
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
          readinessProbe:
            failureThreshold: 6
            httpGet:
              path: /readyz
              port: http-webhook
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5