kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: {{ include "openvpn.fullname" . }}-router
  labels:
    {{- include "openvpn.router.labels" . | nindent 4 }}
spec:
  selector:
    matchLabels:
      {{- include "openvpn.router.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "openvpn.router.selectorLabels" . | nindent 8 }}
    spec:
      serviceAccountName: {{ .Release.Name }}-router
      {{- if .Values.registry_secret_data }}
      imagePullSecrets:
      - name: {{ include "openvpn.fullname" . }}-registry-secret
      {{- end }}
      hostNetwork: true
      priorityClassName: system-cluster-critical
      containers:
        - name: {{ .Chart.Name }}-router
          image: "{{ .Values.router.image }}:{{ .Values.router.tag }}"
          imagePullPolicy: IfNotPresent
          command: ["/bin/sh"]
          args: ["-c","/opt/route-check"]
          lifecycle:
            preStop:
              exec:
                command: ["/bin/sh","-c","/opt/route-delete"]
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
          resources:
            {{- toYaml .Values.router.resources | nindent 12 }}
          volumeMounts:
            - name: routecheck
              mountPath: /opt
      volumes:
      - name: routecheck
        configMap:
          name: {{ include "openvpn.fullname" . }}-routecheck
          defaultMode: 0755