{{/*
# Copyright 2017 AT&T Intellectual Property.  All other rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}

{{- define "divingbell.daemonset.perm" }}
  {{- $daemonset := index . 0 }}
  {{- $secretName := index . 1 }}
  {{- $envAll := index . 2 }}
  {{- with $envAll }}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: {{ $daemonset }}
  annotations:
    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
spec:
{{ tuple $envAll $daemonset | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
  selector:
    matchLabels:
{{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
  template:
    metadata:
      labels:
{{ list $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
      annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
{{ dict "envAll" $envAll "podName" "divingbell-perm" "containerNames" (list "perm") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
    spec:
{{ dict "envAll" $envAll "application" "divingbell" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      hostNetwork: true
      hostPID: true
      hostIPC: true
      containers:
      - name: {{ $daemonset }}
        image: {{ .Values.images.divingbell }}
        imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.perm | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }}
{{ dict "envAll" $envAll "application" "divingbell" "container" "perm" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 8 }}
        command:
        - /tmp/{{ $daemonset }}.sh
        volumeMounts:
        - name: pod-tmp
          mountPath: /tmp
        - name: rootfs-{{ $daemonset }}
          mountPath: {{ .Values.conf.chroot_mnt_path }}
        - name: {{ $secretName }}
          mountPath: /tmp/{{ $daemonset }}.sh
          subPath: {{ $daemonset }}
          readOnly: true
      volumes:
      - name: pod-tmp
        emptyDir: {}
      - name: rootfs-{{ $daemonset }}
        hostPath:
          path: /
      - name: {{ $secretName }}
        secret:
          secretName: {{ $secretName }}
          defaultMode: 0555
  {{- end }}
{{- end }}
{{- if .Values.manifests.daemonset_perm }}
{{- $daemonset := "perm" }}
{{- $secretName := "divingbell-perm" }}
{{- $daemonset_yaml := list $daemonset $secretName . | include "divingbell.daemonset.perm" | toString | fromYaml }}
{{- $secret_include := "divingbell.secret.perm" }}
{{- list $daemonset $daemonset_yaml $secret_include $secretName . | include "helm-toolkit.utils.daemonset_overrides" }}
{{- end }}