{{- if .Values.cni.enabled }}
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: {{ include "kuma.name" . }}-cni-node
  namespace: kube-system
  labels:
  {{- include "kuma.cniLabels" . | nindent 4 }}
spec:
  selector:
    matchLabels:
  {{- include "kuma.cniSelectorLabels" . | nindent 6 }}
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  template:
    metadata:
      labels:
      {{- include "kuma.cniSelectorLabels" . | nindent 8 }}
      annotations:
        # This, along with the CriticalAddonsOnly toleration below,
        # marks the pod as a critical add-on, ensuring it gets
        # priority scheduling and that its resources are reserved
        # if it ever gets evicted.
        scheduler.alpha.kubernetes.io/critical-pod: ''
        checksum/config: {{ include (print $.Template.BasePath "/cni-configmap.yaml") . | sha256sum }}
    spec:
      {{- with .Values.cni.nodeSelector }}
      nodeSelector:
      {{ toYaml . | nindent 8 }}
      {{- end }}
      hostNetwork: true
      tolerations:
        # Make sure kuma-cni-node gets scheduled on all nodes.
        - effect: NoSchedule
          operator: Exists
        # Mark the pod as a critical add-on for rescheduling.
        - key: CriticalAddonsOnly
          operator: Exists
        - effect: NoExecute
          operator: Exists
      priorityClassName: system-cluster-critical
      serviceAccountName: {{ include "kuma.name" . }}-cni
      # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
      # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
      terminationGracePeriodSeconds: 5
      containers:
        - name: install-cni
          image: {{ include "kuma.formatImage" (dict "image" .Values.cni.image "root" $) | quote }}
          imagePullPolicy: Always
          command: ["/install-cni.sh"]
          env:
            # Name of the CNI config file to create.
            - name: CNI_CONF_NAME
              value: "{{ .Values.cni.confName }}"
            # The CNI network config to install on each node.
            - name: CNI_NETWORK_CONFIG
              valueFrom:
                configMapKeyRef:
                  name: {{ include "kuma.name" . }}-cni-config
                  key: cni_network_config
            - name: CNI_NET_DIR
              value: "{{ .Values.cni.netDir }}"
            # If true, deploy as a chained CNI plugin, otherwise deploy as a standalone CNI
            - name: CHAINED_CNI_PLUGIN
              value: "{{ .Values.cni.chained }}"
          volumeMounts:
            - mountPath: /host/opt/cni/bin
              name: cni-bin-dir
            - mountPath: /host/etc/cni/net.d
              name: cni-net-dir
      volumes:
        # Used to install CNI.
        - name: cni-bin-dir
          hostPath:
            path: {{ .Values.cni.binDir }}
        - name: cni-net-dir
          hostPath:
            path: {{ .Values.cni.netDir }}
  {{- end }}