---
kind: "Pod"
apiVersion: "v1"
metadata:
  name: "flannel"
  namespace: "{{system_namespace}}"
  labels:
    app: "flannel"
    version: "v0.1"
spec:
  tolerations:
    - effect: NoSchedule
      operator: Exists
  volumes:
    - name: "subnetenv"
      hostPath:
        path: "/run/flannel"
    - name: "etcd-certs"
      hostPath:
        path: "{{ flannel_cert_dir }}"
  containers:
    - name: "flannel-container"
      image: "{{ flannel_image_repo }}:{{ flannel_image_tag }}"
      imagePullPolicy: {{ k8s_image_pull_policy }}
      resources:
        limits:
          cpu: {{ flannel_cpu_limit }}
          memory: {{ flannel_memory_limit }}
        requests:
          cpu: {{ flannel_cpu_requests }}
          memory: {{ flannel_memory_requests }}
      command:
        - "/bin/sh"
        - "-c"
        - "/opt/bin/flanneld -etcd-endpoints {{ etcd_access_endpoint }} -etcd-prefix /{{ cluster_name }}/network -etcd-cafile {{ flannel_cert_dir }}/ca_cert.crt -etcd-certfile {{ flannel_cert_dir }}/cert.crt -etcd-keyfile {{ flannel_cert_dir }}/key.pem {% if flannel_interface is defined %}-iface {{ flannel_interface }}{% endif %} {% if flannel_public_ip is defined %}-public-ip {{ flannel_public_ip }}{% endif %}"
      ports:
        - hostPort: 10253
          containerPort: 10253
      volumeMounts:
        - name: "subnetenv"
          mountPath: "/run/flannel"
        - name: "etcd-certs"
          mountPath: "{{ flannel_cert_dir }}"
          readOnly: true
      securityContext:
        privileged: true
  hostNetwork: true