[unbound] split the unbound services in two, UDP and TCP

We can't reliably maintain the existing service if it's using
the same port numbers for UDP and TCP. See [1].

Adding new ports would result in a borked service, potentially
bringing the whole thing down.

With one service per protocol the port numbers will be unique
within the service, so we should be good.

[1] kubernetes/kubernetes#39188

system/unbound/templates/service.yaml

@@ -1,27 +1,28 @@
+{{- range tuple "udp" "tcp"}}
+{{- $proto := . }}
+---
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ .Values.unbound.name }}
+  name: {{ $.Values.unbound.name }}-{{ $proto }}
   annotations:
     prometheus.io/scrape: "true"
-    prometheus.io/port: "{{.Values.unbound.port_unbound_exporter}}"
-    prometheus.io/targets: {{ required ".Values.alerts.prometheus missing" .Values.alerts.prometheus | quote }}
+    prometheus.io/port: "{{$.Values.unbound.port_unbound_exporter}}"
+    prometheus.io/targets: {{ required "$.Values.alerts.prometheus missing" $.Values.alerts.prometheus | quote }}
     parrot.sap.cc/announce: 'true'
     service.alpha.kubernetes.io/reject-traffic-on-external-ip: "false"
 spec:
   type: LoadBalancer
   externalTrafficPolicy: Local
   selector:
-    app: {{ .Values.unbound.name }}
+    app: {{ $.Values.unbound.name }}
     type: dns
-  ports: 
-{{- range $.Values.unbound.externalPorts | required ".Values.unbound.externalPorts missing" }}
-    - name: dns-tcp-{{.}}
-      protocol: TCP
-      port: {{.}}
-    - name: dns-udp-{{.}}
-      protocol: UDP
+  ports:
+{{- range $.Values.unbound.externalPorts | required "$.Values.unbound.externalPorts missing" }}
+    - name: dns-{{ $proto }}-{{.}}
+      protocol: {{ $proto | upper }}
       port: {{.}}
 {{- end }}
   externalIPs:
-    {{- required "A valid .Values.unbound.externalIPs required!" .Values.unbound.externalIPs | toYaml | nindent 2 }}
+    {{- required "A valid $.Values.unbound.externalIPs required!" $.Values.unbound.externalIPs | toYaml | nindent 2 }}
+{{- end }}