From f1714a9baff470895cb27a53b235f80e696090f3 Mon Sep 17 00:00:00 2001
From: Viktor Barzin
Date: Fri, 15 Sep 2023 13:57:53 +0000
Subject: [PATCH] set techniitum to nodeport to get source ip clients and remove bind [ci skip]
---
 modules/kubernetes/main.tf | 14 ++++++-------
 modules/kubernetes/technitium/main.tf | 29 +++++++++++++++------------
 2 files changed, 23 insertions(+), 20 deletions(-)
diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf
index a1ecfa79..c40e2440 100644
--- a/modules/kubernetes/main.tf
+++ b/modules/kubernetes/main.tf
@@ -52,7 +52,7 @@ variable "finance_app_gocardless_secret_key" {}
 resource "null_resource" "core_services" {
 # List all the core modules that must be provisioned first
- depends_on = [module.metallb, module.bind]
+ depends_on = [module.metallb]
 }
 module "blog" {
@@ -63,12 +63,12 @@ module "blog" {
 depends_on = [null_resource.core_services]
 }
-module "bind" {
- source = "./bind"
- db_viktorbarzin_me = var.bind_db_viktorbarzin_me
- db_viktorbarzin_lan = var.bind_db_viktorbarzin_lan
- named_conf_options = var.bind_named_conf_options
-}
+# module "bind" {
+# source = "./bind"
+# db_viktorbarzin_me = var.bind_db_viktorbarzin_me
+# db_viktorbarzin_lan = var.bind_db_viktorbarzin_lan
+# named_conf_options = var.bind_named_conf_options
+# }
 module "dbaas" {
 source = "./dbaas"
diff --git a/modules/kubernetes/technitium/main.tf b/modules/kubernetes/technitium/main.tf
index 7ef1f3f7..20de031e 100644
--- a/modules/kubernetes/technitium/main.tf
+++ b/modules/kubernetes/technitium/main.tf
@@ -12,7 +12,8 @@ module "tls_secret" {
 tls_secret_name = var.tls_secret_name
 }
-resource "kubernetes_deployment" "technitium" {
+# resource "kubernetes_deployment" "technitium" {
+resource "kubernetes_daemonset" "technitium" {
 metadata {
 name = "technitium"
 namespace = "technitium"
@@ -21,7 +22,7 @@ resource "kubernetes_deployment" "technitium" {
 }
 }
 spec {
- replicas = 1
+ # replicas = 1
 selector {
 match_labels = {
 app = "technitium"
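Review bot: In the `@@ -63,12 +63,12 @@` hunk of modules/kubernetes/main.tf the `module "bind"` block is commented out rather than deleted, which leaves dead configuration that still names `var.bind_db_viktorbarzin_me`, `var.bind_db_viktorbarzin_lan` and `var.bind_named_conf_options`. Deleting the six lines keeps the file an accurate description of what is deployed; git history preserves the old block. The matching `variable` declarations are outside this hunk, but if they remain, zone data and resolver options keep being passed into a module that no longer consumes them, so they are worth removing in the same change.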
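Review bot: With `resource "kubernetes_daemonset" "technitium"` in the `@@ -12,7 +12,8 @@` hunk, every node now runs its own copy of `technitium/dns-server:latest` (the image line is visible as context in the `@@ -38,14 +39,14 @@` hunk), and each node resolves that floating tag on its own, so an exposed DNS server can end up running different, unreviewed builds across the cluster. Pin the image to a specific release or digest, for example `image = "technitium/dns-server:<pinned-version>"`, and bump it deliberately. The leftover `# resource "kubernetes_deployment" "technitium" {` line and the `# replicas = 1` line in the following hunk can simply be deleted. The resource body continues outside these hunks.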
@@ -38,14 +39,14 @@ resource "kubernetes_deployment" "technitium" {
 image = "technitium/dns-server:latest"
 name = "technitium"
 resources {
- limits = {
- cpu = "1"
- memory = "1Gi"
- }
- requests = {
- cpu = "1"
- memory = "1Gi"
- }
+ # limits = {
+ # cpu = "1"
+ # memory = "1Gi"
+ # }
+ # requests = {
+ # cpu = "1"
+ # memory = "1Gi"
+ # }
 }
 port {
 container_port = 5380
@@ -110,8 +111,9 @@ resource "kubernetes_service" "technitium-dns" {
 }
 spec {
- type = "LoadBalancer"
- external_traffic_policy = "Cluster"
+ type = "LoadBalancer"
+ # external_traffic_policy = "Cluster"
+ external_traffic_policy = "Local"
 selector = {
 app = "technitium"
@@ -129,7 +131,8 @@ resource "kubernetes_ingress_v1" "technitium" {
 name = "technitium-ingress"
 namespace = "technitium"
 annotations = {
- "kubernetes.io/ingress.class" = "nginx"
+ "kubernetes.io/ingress.class" = "nginx"
+ "nginx.ingress.kubernetes.io/affinity" = "cookie"
 "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
 "nginx.ingress.kubernetes.io/auth-tls-secret" = "default/ca-secret"
 }
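Review bot: The `resources` block in the `@@ -38,14 +39,14 @@` hunk is now empty, so the DNS container runs with no requests and no limits; a query flood or a memory leak can then consume the whole node, and with the DaemonSet that exposure exists on every node. Assuming this is the pod's only container, it also becomes BestEffort and is among the first evicted under node pressure, which is a poor fit for a resolver. If the old `cpu = "1"` request was what prevented one pod per node from scheduling, lower the request instead of dropping the block, e.g. `requests = { cpu = "100m", memory = "128Mi" }` together with `limits = { memory = "1Gi" }` (sample values; size them from observed usage). The commented-out lines can then be removed.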
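Review bot: `external_traffic_policy = "Local"` in `kubernetes_service.technitium-dns` (hunk `@@ -110,8 +111,9 @@`) carries no explanation, and the commit subject speaks of NodePort while `type` stays `"LoadBalancer"`. I would replace the commented-out `"Cluster"` line with `# Local keeps the client source IP visible to Technitium (query logs, per-network ACLs); only nodes with a ready technitium pod answer, hence the DaemonSet.` Now that real client addresses reach the server, it is also worth confirming that recursion is restricted to the intended networks, since any source-based rule previously only ever saw node addresses; that configuration is not visible in this diff.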
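Review bot: The added `"nginx.ingress.kubernetes.io/affinity" = "cookie"` annotation in the `@@ -129,7 +131,8 @@` hunk pins an admin's browser to one DaemonSet pod, which suggests each pod keeps its own console session and possibly its own configuration. If so, a change made through the console (zones, blocklists, recursion settings) takes effect on one node only while the other pods keep answering with their previous settings. Whether the pods share config storage is not visible in this hunk, so either confirm that they do or document the limitation next to the annotation, e.g. `# sticky sessions: each technitium pod has its own web console state; settings must be applied per pod`.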