apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: virt-macvtap-ds
  namespace: kubevirt
spec:
  selector:
    matchLabels:
      name: virt-macvtap-ds
  template:
    metadata:
      labels:
        name: virt-macvtap-ds
    spec:
      serviceAccountName: virt-macvtap-ds
      hostNetwork: true
      hostPID: true
      priorityClassName: edge-p2-critical-services
      initContainers:
      - name: macvtap-cni-init
        image: bzl://cmd/sds/vms/macvtap:container_push
        command: ["/bin/sh", "-c"]
        args:
        - "MA=$(kubectl get IENodes $NODE -o jsonpath='{ .spec.primaryInterface.macAddresses[0] }') \nIF=$(ip a | grep -B 1 \"link/ether $MA\" | awk -F: 'NR==1 { print $2 }' | tr -d \" \" ) \n[ -z \"$IF\" ] && echo \"MAC address $MA not found\" && exit 404 \nprintf '[{\"name\": \"l2host\", \"lowerDevice\":\"%s\", \"mode\":\"bridge\", \"capacity\":10}]' \"$IF\" | tee /host/opt/cni/bin/macvtap.env \nprintf \"\\n\" \n"
        env:
        - name: NODE
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        resources:
          requests:
            cpu: "10m"
            memory: "15Mi"
        volumeMounts:
        - name: cni
          mountPath: /host/opt/cni/bin
          mountPropagation: Bidirectional
        imagePullPolicy: IfNotPresent
        securityContext:
          privileged: true
      - name: macvtap-cni-install
        image: bzl://third_party/k8s/kubevirt:macvtap_cni_container_push
        command: ["cp", "/macvtap-cni", "/host/opt/cni/bin/macvtap"]
        resources:
          requests:
            cpu: "10m"
            memory: "15Mi"
        volumeMounts:
        - name: cni
          mountPath: /host/opt/cni/bin
          mountPropagation: Bidirectional
        imagePullPolicy: IfNotPresent
        securityContext:
          privileged: true
      containers:
      - name: macvtap-cni
        image: bzl://third_party/k8s/kubevirt:macvtap_cni_container_push
        command: ["sh", "-c"]
        args:
        - "export DP_MACVTAP_CONF=\"$(cat /host/opt/cni/bin/macvtap.env)\" \nset \n/macvtap-deviceplugin -v 3 -logtostderr \n"
        resources:
          requests:
            cpu: "60m"
            memory: "30Mi"
        volumeMounts:
        - name: deviceplugin
          mountPath: /var/lib/kubelet/device-plugins
        - name: cni
          mountPath: /host/opt/cni/bin
        imagePullPolicy: IfNotPresent
        securityContext:
          privileged: true
      volumes:
      - name: cni
        hostPath:
          path: /opt/cni/bin
      - name: deviceplugin
        hostPath:
          path: /var/lib/kubelet/device-plugins
      imagePullSecrets:
      - name: edge-docker-pull-secret