From 270b82f71b27eb48af3e6381160c67d365d846d9 Mon Sep 17 00:00:00 2001
From: Vassil Dimitrov
Date: Fri, 27 Dec 2024 13:15:39 +0100
Subject: [PATCH] [unbound] split the unbound services in two, UDP and TCP We can't reliably maintain the existing service if it's using the same port numbers for UDP and TCP. See [1]. Adding new ports would result in a borked service, potentially bringing the whole thing down. With one service per protocol the port numbers will be unique within the service, so we should be good. [1] https://github.com/kubernetes/kubernetes/issues/39188
---
 system/unbound/templates/service.yaml | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/system/unbound/templates/service.yaml b/system/unbound/templates/service.yaml
index 10eda868d2..9de8794b3f 100644
--- a/system/unbound/templates/service.yaml
+++ b/system/unbound/templates/service.yaml
@@ -1,27 +1,28 @@
+{{- range tuple "udp" "tcp"}}
+{{- $proto := . }}
+---
 apiVersion: v1
 kind: Service
 metadata:
- name: {{ .Values.unbound.name }}
+ name: {{ $.Values.unbound.name }}-{{ $proto }}
 annotations:
 prometheus.io/scrape: "true"
- prometheus.io/port: "{{.Values.unbound.port_unbound_exporter}}"
- prometheus.io/targets: {{ required ".Values.alerts.prometheus missing" .Values.alerts.prometheus | quote }}
+ prometheus.io/port: "{{$.Values.unbound.port_unbound_exporter}}"
+ prometheus.io/targets: {{ required "$.Values.alerts.prometheus missing" $.Values.alerts.prometheus | quote }}
 parrot.sap.cc/announce: 'true'
 service.alpha.kubernetes.io/reject-traffic-on-external-ip: "false"
 spec:
 type: LoadBalancer
 externalTrafficPolicy: Local
 selector:
- app: {{ .Values.unbound.name }}
+ app: {{ $.Values.unbound.name }}
 type: dns
- ports:
-{{- range $.Values.unbound.externalPorts | required ".Values.unbound.externalPorts missing" }}
- - name: dns-tcp-{{.}}
- protocol: TCP
- port: {{.}}
- - name: dns-udp-{{.}}
- protocol: UDP
+ ports:
+{{- range $.Values.unbound.externalPorts | required "$.Values.unbound.externalPorts missing" }}
+ - name: dns-{{ $proto }}-{{.}}
+ protocol: {{ $proto | upper }}
 port: {{.}}
 {{- end }}
 externalIPs:
- {{- required "A valid .Values.unbound.externalIPs required!" .Values.unbound.externalIPs | toYaml | nindent 2 }}
+ {{- required "A valid $.Values.unbound.externalIPs required!" $.Values.unbound.externalIPs | toYaml | nindent 2 }}
+{{- end }}
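Review bot: Both rendered Services carry the same `prometheus.io/scrape`, `prometheus.io/port` and `prometheus.io/targets` annotations and the same selector, so an annotation-driven discovery would presumably register each pod's exporter twice, once per Service, and any sum over those series would double. Consider emitting the three Prometheus annotations for only one protocol, for example by wrapping them in `{{- if eq $proto "udp" }}` … `{{- end }}`. Separately, the new name `{{ $.Values.unbound.name }}-{{ $proto }}` means the existing Service is removed on upgrade rather than patched. A template comment above the `range` saying so, and that the `externalIPs` may go unserved until both LoadBalancer Services are up, would help whoever rolls this out.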