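# DaemonSet that installs the 'bridge' and 'tuning' CNI binaries on cluster nodes.
#
# The single container copies both binaries from the image into the hostPath
# volume mounted at /opt/cni/bin, verifies the copies with sha256sum, creates
# un-prefixed symlinks when those names are absent, and then sleeps forever.
#
# Review notes:
# - Interpolated string scalars (namespace, image, imagePullPolicy) are
#   double-quoted, matching the hostPath path below, so a value that looks like
#   a number, boolean or null is still parsed as a YAML string.
# - labels and ownerReferences stay unquoted on purpose: jsonencode() emits
#   JSON, which YAML reads as a flow collection.
# - Inside the heredoc, "$$" followed by "{" is Terraform's escape for a literal
#   shell parameter expansion; a single "$" before "{" is Terraform interpolation.
# - The script hard-codes /opt/cni/bin, which must stay in sync with the
#   container's mountPath; the host-side directory comes from var.cni.bin_dir.
# - The image is referenced by registry/repository:tag. A tag can be re-pointed
#   at the registry, so the content written to the host CNI directory depends on
#   how the caller controls that tag.
# - Only resource requests are set; no limits are declared.
# - The toleration matches every NoSchedule taint (operator Exists, no key).
resource "kubectl_manifest" "plugin" {
  yaml_body = <<-EOF
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      name: kube-cni-linux-bridge-plugin
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.common-labels)}
      ownerReferences: ${jsonencode(var.install_owner)}
    spec:
      selector:
        matchLabels:
          name: kube-cni-linux-bridge-plugin
      template:
        metadata:
          annotations:
            description: LinuxBridge installs 'bridge' CNI on cluster nodes, so it can be later used to attach Pods/VMs to Linux bridges
          labels:
            app: cni-plugins
            app.kubernetes.io/component: network
            name: kube-cni-linux-bridge-plugin
            tier: node
        spec:
          containers:
            - command:
                - /bin/bash
                - -ce
                - |
                  echo 'Installing bridge and tuning CNIs'
                  cni_mount_dir=/opt/cni/bin
                  sourcebinpath=/usr/src/github.com/containernetworking/plugins/bin
                  cp --remove-destination $${sourcebinpath}/bridge $${cni_mount_dir}/cnv-bridge
                  cp --remove-destination $${sourcebinpath}/tuning $${cni_mount_dir}/cnv-tuning
                  echo 'Checking bridge and tuning CNIs deployment on node'
                  # The expected digests are read from .checksum files that sit next to the
                  # binaries inside the image, so this check confirms the copy on the node
                  # matches what the image shipped. It is not an independent check of the
                  # image contents themselves.
                  printf -v bridgechecksum "%s" "$(<$sourcebinpath/bridge.checksum)"
                  printf -v tuningchecksum "%s" "$(<$sourcebinpath/tuning.checksum)"
                  printf "%s %s" "$${bridgechecksum% *}" "$${cni_mount_dir}/cnv-bridge" | sha256sum --check
                  printf "%s %s" "$${tuningchecksum% *}" "$${cni_mount_dir}/cnv-tuning" | sha256sum --check
                  # Some projects (e.g. openshift/console) use cnv- prefix to distinguish between
                  # binaries shipped by OpenShift and those shipped by KubeVirt (D/S matters).
                  # Following two lines make sure we will provide both names when needed.
                  find $${cni_mount_dir}/bridge &>/dev/null || ln -s $${cni_mount_dir}/cnv-bridge $${cni_mount_dir}/bridge
                  find $${cni_mount_dir}/tuning &>/dev/null || ln -s $${cni_mount_dir}/cnv-tuning $${cni_mount_dir}/tuning
                  echo 'Entering sleep... (success)'
                  sleep infinity
              image: "${var.images.plugin.registry}/${var.images.plugin.repository}:${var.images.plugin.tag}"
              imagePullPolicy: "${var.images.plugin.pull_policy}"
              name: cni-plugins
              resources:
                requests:
                  cpu: 10m
                  memory: 15Mi
              # NOTE(review): the container runs fully privileged, yet the only host
              # interaction visible in this manifest is writing into the cnibin
              # hostPath mount. Confirm whether full privilege is actually required on
              # the target nodes or whether a narrower securityContext is sufficient.
              securityContext:
                privileged: true
              volumeMounts:
                - mountPath: /opt/cni/bin
                  name: cnibin
          nodeSelector:
            kubernetes.io/arch: amd64
          priorityClassName: system-cluster-critical
          restartPolicy: Always
          tolerations:
            - effect: NoSchedule
              operator: Exists
          volumes:
            - hostPath:
                path: "${var.cni.bin_dir}"
                type: ""
              name: cnibin
  EOF
}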