---
  kind: "Pod"
  apiVersion: "v1"
  metadata:
    name: "flannel"
    namespace: "{{system_namespace}}"
    labels:
      app: "flannel"
      version: "v0.1"
  spec:
    volumes:
      - name: "subnetenv"
        hostPath:
          path: "/run/flannel"
      - name: "etcd-certs"
        hostPath:
          path: "{{ network_plugin_etcd_cert_dir_real }}"
    containers:
      - name: "flannel-container"
        image: "{{ flannel_image_repo }}:{{ flannel_image_tag }}"
        imagePullPolicy: {{ k8s_image_pull_policy }}
        command:
          - "/bin/sh"
          - "-c"
          - "/opt/bin/flanneld -etcd-endpoints {{ network_plugin_etcd_access_endpoint }} -etcd-prefix /{{ cluster_name }}/network -etcd-cafile {{ network_plugin_etcd_cert_dir_real }}/ca.pem -etcd-certfile {{ network_plugin_etcd_cert_dir_real }}/node.pem -etcd-keyfile {{ network_plugin_etcd_cert_dir_real }}/node-key.pem {% if flannel_interface is defined %}-iface {{ flannel_interface }}{% endif %} {% if flannel_public_ip is defined %}-public-ip {{ flannel_public_ip }}{% endif %}"
        ports:
          - hostPort: 10253
            containerPort: 10253
        resources:
          limits:
            cpu: "100m"
        volumeMounts:
          - name: "subnetenv"
            mountPath: "/run/flannel"
          - name: "etcd-certs"
            mountPath: "{{ network_plugin_etcd_cert_dir_real }}"
            readOnly: true
        securityContext:
          privileged: true
    hostNetwork: true