# Daemonset
apiVersion: apps/v1
kind: DaemonSet
metadata:
  annotations:
    prometheus.io/scrape: 'true'
    prometheus.io/port: "9010"
  name: api-cni-cleanup 
  labels:
    app: api-cni-cleanup
    version: v.0.0.1
spec:
  selector:
    matchLabels:
      beta.kubernetes.io/os: linux
      app: api-cni-cleanup
      version: v.0.0.1
  template:
    metadata:
      labels:
        beta.kubernetes.io/os: linux
        app: api-cni-cleanup
        version: v.0.0.1
    spec:
      serviceAccountName: cni-serviceaccount
      containers:
      - name: api-cni-cleanup # Do not change name
        image: docker.io/jsenon/api-cni-cleanup:latest
        command: ["./api-cni-cleanup"]
        args: [server,--api,internal,--cnifiles,/var/lib/cni/networks/cbr0, --debug]
        imagePullPolicy: Always
        volumeMounts:
          - name: varcni
            mountPath: /var/lib/cni/networks
          - name: varrundocker
            mountPath: /var/run/docker.sock
        ports:
          - containerPort: 9010 # Do not change port
            protocol: TCP
      volumes:
      - name: varcni
        hostPath:
          path: /var/lib/cni/networks
      - name: varrundocker
        hostPath:
          path: /var/run/docker.socks
---
# SVC
kind: Service
apiVersion: v1
metadata:
  namespace: kube-system
  annotations:
    prometheus.io/scrape: 'true'
    prometheus.io/port: "9010"
  name: api-cni-cleanup
spec:
  selector:
    app: api-cni-cleanup
  ports:
  - protocol: TCP
    port: 9010
    targetPort: 9010
---
# Cronjob
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: job-api-cni-cleanup
spec:
  schedule: "0 8 * * 1"
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: job-api-cni-cleanup
            image: docker.io/jsenon/api-cni-cleanup:latest
            command: ["./api-cni-cleanup"]
            args: [job,--api, internal,--autodiscover]
          restartPolicy: OnFailure
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  # "namespace" omitted since ClusterRoles are not namespaced
  name: cni-serviceaccount
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cni-serviceaccount
  namespace: kube-system
subjects:
- kind: ServiceAccount
  name: cni-serviceaccount # Name is case sensitive
  namespace: kube-system
roleRef:
  kind: ClusterRole #this must be Role or ClusterRole
  name: cni-serviceaccount # this must match the name of the Role or ClusterRole you wish to bind to
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cni-serviceaccount
  namespace: kube-system