---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: gost-dns
  name: gost-dns
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gost-dns
  template:
    metadata:
      labels:
        app: gost-dns
      annotations:
        k8s.v1.cni.cncf.io/networks: |
          [{
            "namespace": "cascade",
            "name": "br0-static",
            "ips": ["172.16.1.53/12"]
          }]
    spec:
      containers:
        - image: ginuerzh/gost:latest
          imagePullPolicy: IfNotPresent
          name: gost
          command:
          - gost
          - -L
          - dns://:53?mode=tcp&dns=https://1.1.1.3/dns-query
          - -L
          - dns://:53?mode=udp&dns=https://1.1.1.3/dns-query
          - -L
          - dns://:54?mode=tcp&dns=https://doh.cleanbrowsing.org/doh/family-filter/
          - -L
          - dns://:54?mode=udp&dns=https://doh.cleanbrowsing.org/doh/family-filter/
          - -L
          - dns://:153?mode=tcp&dns=https://1.1.1.1/dns-query
          - -L
          - dns://:153?mode=udp&dns=https://1.1.1.1/dns-query
          #securityContext:
          #  capabilities:
          #   add: ["NET_ADMIN"]
      restartPolicy: Always