apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: dnsmasq-controller-dns
  labels:
    app: dnsmasq-controller
    role: dns
spec:
  selector:
    matchLabels:
      app: dnsmasq-controller
      role: dns
  template:
    metadata:
      labels:
        app: dnsmasq-controller
        role: dns
    spec:
      hostNetwork: true
      containers:
      - name: dnsmasq
        image: docker.io/kvaps/dnsmasq-controller:latest
        args:
        #- --watch-namespace=$(NAMESPACE)
        - --metrics-addr=:0
        - --dns
        - --
        - --expand-hosts
        - --domain=infra.example.org
        - --auth-server=$(NODE_NAME),$(NODE_IP)
        - --auth-zone=infra.example.org
        env:
        #- name: NAMESPACE
        #  valueFrom:
        #    fieldRef:
        #      fieldPath: metadata.namespace
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        - name: NODE_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        resources:
          limits:
            cpu: 100m
            memory: 30Mi
          requests:
            cpu: 100m
            memory: 20Mi
      priorityClassName: system-node-critical
      serviceAccountName: dnsmasq-controller
      terminationGracePeriodSeconds: 10
      nodeSelector:
        node-role.kubernetes.io/dnsmasq: ""
      tolerations:
      - effect: NoSchedule
        operator: Exists
      - effect: NoExecute
        operator: Exists
      - key: CriticalAddonsOnly
        operator: Exists