---
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: contiv-netmaster
  namespace: kube-system
  labels:
    k8s-app: contiv-netmaster
spec:
  updateStrategy:
    type: RollingUpdate
  selector:
    matchLabels:
      k8s-app: contiv-netmaster
  template:
    metadata:
      name: contiv-netmaster
      namespace: kube-system
      labels:
        k8s-app: contiv-netmaster
    spec:
      priorityClassName: system-node-critical
      # The netmaster must run in the host network namespace so that
      # it isn't governed by policy that would prevent it from working.
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      hostPID: true
      nodeSelector:
        node-role.kubernetes.io/master: ""
      tolerations:
        - operator: Exists
        # Mark pod as critical for rescheduling (Will have no effect starting with kubernetes 1.12)
        - key: CriticalAddonsOnly
          operator: "Exists"
      serviceAccountName: contiv-netmaster
      containers:
        - name: contiv-netmaster
          image: {{ contiv_image_repo }}:{{ contiv_image_tag }}
          env:
            - name: CONTIV_ROLE
              value: netmaster
            - name: CONTIV_NETMASTER_MODE
              value: kubernetes
            - name: CONTIV_NETMASTER_ETCD_ENDPOINTS
              valueFrom:
                configMapKeyRef:
                  name: contiv-config
                  key: contiv_etcd
            - name: CONTIV_NETMASTER_FORWARD_MODE
              valueFrom:
                configMapKeyRef:
                  name: contiv-config
                  key: contiv_fwdmode
            - name: CONTIV_NETMASTER_NET_MODE
              valueFrom:
                configMapKeyRef:
                  name: contiv-config
                  key: contiv_netmode
            - name: CONTIV_NETMASTER_LOG_LEVEL
              valueFrom:
                configMapKeyRef:
                  name: contiv-config
                  key: contiv_netmaster_loglevel
          securityContext:
            privileged: true
          volumeMounts:
            - mountPath: /var/contiv
              name: var-contiv
              readOnly: false
      volumes:
        # Used by contiv-netmaster
        - name: var-contiv
          hostPath:
            path: /var/contiv