---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: application-grid-wrapper
  namespace: edge-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: edge:application-grid-wrapper
rules:
  - apiGroups:
      - ""
    resources:
      - endpoints
      - services
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
      - events.k8s.io
    resources:
      - events
    verbs:
      - create
      - patch
      - update
  - apiGroups:
      - discovery.k8s.io
    resources:
      - endpointslices
    verbs:
      - list
      - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: edge:application-grid-wrapper
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edge:application-grid-wrapper
subjects:
  - kind: ServiceAccount
    name: application-grid-wrapper
    namespace: edge-system
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: application-grid-wrapper
  namespace: edge-system
data:
  kubeconfig.conf: |
    apiVersion: v1
    clusters:
    - cluster:
        certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        server: https://127.0.0.1:51003
      name: default
    contexts:
    - context:
        cluster: default
        namespace: default
        user: default
      name: default
    current-context: default
    kind: Config
    preferences: {}
    users:
    - name: default
      user:
        tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token

---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    k8s-app: application-grid-wrapper
    addonmanager.kubernetes.io/mode: Reconcile
  name: application-grid-wrapper
  namespace: edge-system
spec:
  selector:
    matchLabels:
      k8s-app: application-grid-wrapper
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 10%
  template:
    metadata:
      labels:
        k8s-app: application-grid-wrapper
    spec:
      serviceAccount: application-grid-wrapper
      serviceAccountName: application-grid-wrapper
      priorityClassName: system-node-critical
      hostNetwork: true
      restartPolicy: Always
      nodeSelector:
        kubernetes.io/os: linux # TODO select edge node
      tolerations:
        - key: "node-role.kubernetes.io/master"
          operator: "Exists"
          effect: "NoSchedule"
      containers:
        - name: application-grid-wrapper
          image: superedge/application-grid-wrapper:v0.3.0
          imagePullPolicy: IfNotPresent
          command:
            - /usr/local/bin/application-grid-wrapper
            - --kubeconfig=/var/lib/application-grid-wrapper/kubeconfig.conf
            - --bind-address=127.0.0.1:51006
            - --hostname=$(NODE_NAME)
            - --notify-channel-size=10000
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: spec.nodeName
          resources:
            limits:
              cpu: 50m
              memory: 100Mi
            requests:
              cpu: 10m
              memory: 20Mi
          securityContext:
            privileged: true
          volumeMounts:
            - mountPath: /var/lib/application-grid-wrapper
              name: application-grid-wrapper
      volumes:
        - configMap:
            defaultMode: 420
            name: application-grid-wrapper
          name: application-grid-wrapper
        - hostPath:
            path: /var/tmp
            type: Directory
          name: host-var-tmp