apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    component: kms
    k8s-app: kms
    kubernetes.io/cluster-service: "true"
  name: kms
  namespace: {{ .Values.namespace }}
spec:
  selector:
    matchLabels:
      k8s-app: kms
  template:
    metadata:
      labels:
        k8s-app: kms
    spec:
      containers:
      - args:
        - --port={{ .Values.kmsPort }}
        image: {{ .Values.kmsImage }}
        name: kms
        resources: {}
        volumeMounts:
        - mountPath: {{ .Values.serviceBasePath }}
          name: config
          readOnly: true
      nodeSelector:
        node-role.kubernetes.io/control-plane: ""
      priorityClassName: system-cluster-critical
      serviceAccountName: kms
      tolerations:
      - key: CriticalAddonsOnly
        operator: Exists
      - effect: NoSchedule
        key: node-role.kubernetes.io/master
        operator: Equal
        value: "true"
      - effect: NoSchedule
        key: node-role.kubernetes.io/control-plane
        operator: Exists
      - effect: NoExecute
        operator: Exists
      - effect: NoSchedule
        operator: Exists
      volumes:
      - name: config
        projected:
          sources:
          - configMap:
              items:
              - key: {{ .Values.measurementsFilename }}
                path: {{ .Values.measurementsFilename }}
              name: {{ .Values.joinConfigCMName }}
          - secret:
              items:
              - key: {{ .Values.masterSecretKeyName }}
                path: {{ .Values.masterSecretKeyName }}
              - key: {{ .Values.saltKeyName }}
                path: {{ .Values.saltKeyName }}
              name: {{ .Values.masterSecretName }}
  updateStrategy: {}