---
apiVersion: apps/v1
# This manifest deploys the contiv-ovs pod.
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: contiv-ovs
  namespace: kube-system
  labels:
    k8s-app: contiv-ovs
spec:
  selector:
    matchLabels:
      k8s-app: contiv-ovs
  template:
    metadata:
      labels:
        k8s-app: contiv-ovs
    spec:
      priorityClassName: system-node-critical
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      hostPID: true
      tolerations:
        - operator: Exists
        # Mark pod as critical for rescheduling (Will have no effect starting with kubernetes 1.12)
        - key: CriticalAddonsOnly
          operator: "Exists"
      containers:
      # Runs ovs containers on each Kubernetes node.
      - name: contiv-ovsdb-server
        image: {{ contiv_ovs_image_repo }}:{{ contiv_ovs_image_tag }}
        command: ["/scripts/start-ovsdb-server.sh"]
        securityContext:
          privileged: false
        # Won't work until https://github.com/contiv/ovs-docker/pull/4 is merged and image is built again
        env:
          - name: OVSDBSERVER_EXTRA_FLAGS
            valueFrom:
              configMapKeyRef:
                name: contiv-config
                key: contiv_ovsdb_server_extra_flags
        volumeMounts:
          - mountPath: /etc/openvswitch
            name: etc-openvswitch
            readOnly: false
          - mountPath: /var/run
            name: var-run
            readOnly: false
      - name: contiv-ovs-vswitchd
        image: {{ contiv_ovs_image_repo }}:{{ contiv_ovs_image_tag }}
        command: ["/scripts/start-ovs-vswitchd.sh"]
        securityContext:
          privileged: true
        # Won't work until https://github.com/contiv/ovs-docker/pull/4 is merged and image is built again
        env:
          - name: OVSVSWITCHD_EXTRA_FLAGS
            valueFrom:
              configMapKeyRef:
                name: contiv-config
                key: contiv_ovs_vswitchd_extra_flags
        volumeMounts:
         - mountPath: /etc/openvswitch
           name: etc-openvswitch
           readOnly: false
         - mountPath: /lib/modules
           name: lib-modules
           readOnly: true
         - mountPath: /var/run
           name: var-run
           readOnly: false
      volumes:
        # Used by contiv-ovs
        - name: etc-openvswitch
          hostPath:
            path: /etc/openvswitch
        - name: lib-modules
          hostPath:
            path: /lib/modules
        - name: var-run
          hostPath:
            path: /var/run