# Flannel DaemonSet: runs flanneld on every node matched by the OS affinity
# below. Before flanneld starts, two init containers copy the CNI plugin binary
# and the CNI network config onto the node through hostPath volumes.
#
# Security-relevant surface of this pod, all visible in this block:
#   - host_network = true (pod uses the node's network namespace)
#   - NET_ADMIN and NET_RAW added to the main container
#   - four hostPath volumes, none mounted read_only
#   - images come from var.flannel_image / var.flannel_cni_plugin_image
resource "kubernetes_daemonset" "this" {
  metadata {
    name      = var.daemonset_name
    namespace = var.namespace

    labels = {
      app       = var.daemonset_name
      "k8s-app" = "cni"
    }
  }

  spec {
    # Selector and pod template labels must stay identical to each other.
    selector {
      match_labels = {
        app       = var.daemonset_name
        "k8s-app" = "cni"
      }
    }

    template {
      metadata {
        labels = {
          app       = var.daemonset_name
          "k8s-app" = "cni"
        }
      }

      spec {
        # Hard scheduling requirement: only nodes whose kubernetes.io/os label
        # is one of var.node_selector_os (presumably a list of strings; verify
        # against the variable declaration).
        affinity {
          node_affinity {
            required_during_scheduling_ignored_during_execution {
              node_selector_term {
                match_expressions {
                  key      = "kubernetes.io/os"
                  operator = "In"
                  values   = var.node_selector_os
                }
              }
            }
          }
        }

        # The pod shares the node's network namespace.
        host_network        = true
        priority_class_name = "system-node-critical"

        # No key is given, so with operator "Exists" this tolerates every taint
        # whose effect is NoSchedule.
        toleration {
          operator = "Exists"
          effect   = "NoSchedule"
        }

        service_account_name = kubernetes_service_account.this.metadata[0].name

        # Step 1: copy /flannel from the plugin image to /opt/cni/bin/flannel,
        # which is a hostPath, so the file lands on the node itself. Whatever
        # var.flannel_cni_plugin_image resolves to decides which binary is
        # placed there; a digest-pinned image reference keeps that stable.
        # No security_context is set on this container.
        init_container {
          name    = "install-cni-plugin"
          image   = var.flannel_cni_plugin_image
          command = ["cp"]
          args    = ["-f", "/flannel", "/opt/cni/bin/flannel"]

          volume_mount {
            name       = "cni-plugin"
            mount_path = "/opt/cni/bin"
          }
        }

        # Step 2: copy cni-conf.json from the ConfigMap-backed mount into the
        # node's /etc/cni/net.d (hostPath) as 10-flannel.conflist.
        # No security_context is set on this container either.
        init_container {
          name    = "install-cni"
          image   = var.flannel_image
          command = ["cp"]
          args    = ["-f", "/etc/kube-flannel/cni-conf.json", "/etc/cni/net.d/10-flannel.conflist"]

          volume_mount {
            name       = "cni"
            mount_path = "/etc/cni/net.d"
          }

          volume_mount {
            name       = "flannel-cfg"
            mount_path = "/etc/kube-flannel/"
          }
        }

        # Long-running flanneld process.
        container {
          name    = "kube-flannel"
          image   = var.flannel_image
          command = ["/opt/bin/flanneld"]
          args    = ["--ip-masq", "--kube-subnet-mgr"]

          # Requests and limits are set to the same values.
          resources {
            requests = {
              cpu    = "100m"
              memory = "50Mi"
            }

            limits = {
              cpu    = "100m"
              memory = "50Mi"
            }
          }

          # Not privileged; NET_ADMIN and NET_RAW are added on top of the
          # runtime's default capability set.
          # NOTE(review): no capability drop list and no
          # allow_privilege_escalation setting appear here; confirm whether
          # tighter settings are workable for flanneld before adding them.
          security_context {
            privileged = false

            capabilities {
              add = ["NET_ADMIN", "NET_RAW"]
            }
          }

          # Pod identity passed in through the downward API.
          env {
            name = "POD_NAME"

            value_from {
              field_ref {
                field_path = "metadata.name"
              }
            }
          }

          env {
            name = "POD_NAMESPACE"

            value_from {
              field_ref {
                field_path = "metadata.namespace"
              }
            }
          }

          env {
            name  = "EVENT_QUEUE_DEPTH"
            value = "5000"
          }

          volume_mount {
            name       = "run"
            mount_path = "/run/flannel"
          }

          volume_mount {
            name       = "flannel-cfg"
            mount_path = "/etc/kube-flannel/"
          }

          # Presumably mounted so iptables calls in the container use the same
          # lock file as the host; verify against flannel's documentation.
          volume_mount {
            name       = "xtables-lock"
            mount_path = "/run/xtables.lock"
          }
        }

        # Volumes. Every host_path below exposes a node path to this pod, and
        # no volume_mount in this block sets read_only.
        volume {
          name = "run"

          host_path {
            path = "/run/flannel"
          }
        }

        volume {
          name = "cni-plugin"

          host_path {
            path = "/opt/cni/bin"
          }
        }

        volume {
          name = "cni"

          host_path {
            path = "/etc/cni/net.d"
          }
        }

        volume {
          name = "flannel-cfg"

          config_map {
            name = kubernetes_config_map.this.metadata[0].name
          }
        }

        # FileOrCreate: an empty file is created at the path if none exists.
        volume {
          name = "xtables-lock"

          host_path {
            path = "/run/xtables.lock"
            type = "FileOrCreate"
          }
        }
      }
    }
  }
}