apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: ziti-run-node
spec:
  selector:
    matchLabels:
      app: ziti-edge-tunnel
  template:
    metadata:
      labels:
        app: ziti-edge-tunnel
    spec:
      containers:
      - image: openziti/ziti-edge-tunnel
        name: ziti-edge-tunnel
        env:
        - name: ZITI_IDENTITY_BASENAME
          value: ziti-identity
        volumeMounts:
        - name: ziti-enrolled-identity
          mountPath: /ziti-edge-tunnel
          readOnly: true
        - name: system-bus-socket
          mountPath: /var/run/dbus/system_bus_socket
        securityContext:
          privileged: true
        args:  # []
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      nodeSelector:
        node-role.kubernetes.io/node: worker
      restartPolicy: Always
      volumes:
      - name: ziti-enrolled-identity
        secret:  # kubectl create secret generic ziti-enrolled-identity --from-file=ziti-enrolled-identity=./myZitiIdentityFile.json
          secretName: ziti-enrolled-identity
          defaultMode: 0400
          items:
          - key: ziti-enrolled-identity
            path: ziti-identity.json
      - name: system-bus-socket
        hostPath:
          path: /var/run/dbus/system_bus_socket