create acme-dns deployment

ansible-5/roles/prod.k3s/tasks/deployments/acme-dns.yaml

@@ -21,4 +21,7 @@
     - acme-dns/pv-data.yaml
     - acme-dns/pv-config-claim.yaml
     - acme-dns/pv-data-claim.yaml
+    - acme-dns/service.yaml
+    - acme-dns/service-dns.yaml
+    - acme-dns/ingress.yaml
   become: true

ansible-5/roles/prod.k3s/templates/acme-dns/ingress.yaml

@@ -0,0 +1,29 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: acme-dns
+  namespace: "{{apps.acme_dns.namespace}}"
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+#    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+#    traefik.ingress.kubernetes.io/router.tls: "true"
+#    cert-manager.io/cluster-issuer: letsencrypt-production
+
+spec:
+  rules:
+    - host: dns-api.xai-corp.net
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: dns-api
+                port:
+                  number: 80
+
+#  tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
+#    - secretName: xai-corp-production-tls-ap1
+#      hosts:
+#        - dns-api.xai-corp.net

ansible-5/roles/prod.k3s/templates/acme-dns/service-dns.yaml

@@ -0,0 +1,17 @@
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: acme-dns-dns
+  namespace: "{{apps.acme_dns.namespace}}"
+spec:
+#  allocateLoadBalancerNodePorts: true
+#  clusterIP: None
+  type: LoadBalancer
+  selector:
+    app: acme-dns
+  ports:
+    - port: 10053
+      targetPort: 53
+      protocol: TCP

ansible-5/roles/prod.k3s/templates/acme-dns/service.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: acme-dns-api
+  namespace: "{{apps.acme_dns.namespace}}"
+spec:
+  selector:
+    app: acme-dns
+  ports:
+    - port: 80
+      targetPort: 80
+