{{- if .Values.topologyUpdater.enable -}}
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: {{ include "node-feature-discovery.fullname" . }}-topology-updater
  namespace: {{ include "node-feature-discovery.namespace" . }}
  labels:
    {{- include "node-feature-discovery.labels" . | nindent 4 }}
    role: topology-updater
  {{- with .Values.topologyUpdater.daemonsetAnnotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  selector:
    matchLabels:
      {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
      role: topology-updater
  template:
    metadata:
      labels:
        {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
        role: topology-updater
      {{- with .Values.topologyUpdater.annotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    spec:
      serviceAccountName: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }}
      dnsPolicy: ClusterFirstWithHostNet
    {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      securityContext:
        {{- toYaml .Values.topologyUpdater.podSecurityContext | nindent 8 }}
      containers:
      - name: topology-updater
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
        imagePullPolicy: "{{ .Values.image.pullPolicy }}"
        env:
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        - name: NODE_ADDRESS
          valueFrom:
            fieldRef:
              fieldPath: status.hostIP
        command:
          - "nfd-topology-updater"
        args:
          - "-podresources-socket=/host-var/lib/kubelet-podresources/kubelet.sock"
          {{- if .Values.topologyUpdater.updateInterval | empty | not }}
          - "-sleep-interval={{ .Values.topologyUpdater.updateInterval }}"
          {{- else }}
          - "-sleep-interval=3s"
          {{- end }}
          {{- if .Values.topologyUpdater.watchNamespace | empty | not }}
          - "-watch-namespace={{ .Values.topologyUpdater.watchNamespace }}"
          {{- else }}
          - "-watch-namespace=*"
          {{- end }}
          {{- if .Values.tls.enable }}
          - "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
          - "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
          - "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
          {{- end }}
          {{- if .Values.topologyUpdater.podSetFingerprint }}
          - "-pods-fingerprint"
          {{- end }}
          {{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }}
          - "-kubelet-config-uri=file:///host-var/kubelet-config"
          {{- end }}
          {{- if .Values.topologyUpdater.kubeletStateDir | empty }}
          # Disable kubelet state tracking by giving an empty path
          - "-kubelet-state-dir="
          {{- end }}
          - -metrics={{ .Values.topologyUpdater.metricsPort | default "8081"}}
        ports:
          - name: metrics
            containerPort: {{ .Values.topologyUpdater.metricsPort | default "8081"}}
        volumeMounts:
        {{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }}
        - name: kubelet-config
          mountPath: /host-var/kubelet-config
        {{- end }}
        - name: kubelet-podresources-sock
          mountPath: /host-var/lib/kubelet-podresources/kubelet.sock
        - name: host-sys
          mountPath: /host-sys
        {{- if .Values.topologyUpdater.kubeletStateDir | empty | not }}
        - name: kubelet-state-files
          mountPath: /host-var/lib/kubelet
          readOnly: true
        {{- end }}
        {{- if .Values.tls.enable }}
        - name: nfd-topology-updater-cert
          mountPath: "/etc/kubernetes/node-feature-discovery/certs"
          readOnly: true
        {{- end }}
        - name: nfd-topology-updater-conf
          mountPath: "/etc/kubernetes/node-feature-discovery"
          readOnly: true

        resources:
      {{- toYaml .Values.topologyUpdater.resources | nindent 12 }}
        securityContext:
      {{- toYaml .Values.topologyUpdater.securityContext | nindent 12 }}
      volumes:
      - name: host-sys
        hostPath:
          path: "/sys"
      {{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }}
      - name: kubelet-config
        hostPath:
          path: {{ .Values.topologyUpdater.kubeletConfigPath }}
      {{- end }}
      - name: kubelet-podresources-sock
        hostPath:
          {{- if .Values.topologyUpdater.kubeletPodResourcesSockPath | empty | not }}
          path: {{ .Values.topologyUpdater.kubeletPodResourcesSockPath }}
          {{- else }}
          path: /var/lib/kubelet/pod-resources/kubelet.sock
          {{- end }}
      {{- if .Values.topologyUpdater.kubeletStateDir | empty | not }}
      - name: kubelet-state-files
        hostPath:
          path: {{ .Values.topologyUpdater.kubeletStateDir }}
      {{- end }}
      - name: nfd-topology-updater-conf
        configMap:
          name: {{ include "node-feature-discovery.fullname" . }}-topology-updater-conf
          items:
            - key: nfd-topology-updater.conf
              path: nfd-topology-updater.conf
      {{- if .Values.tls.enable }}
      - name: nfd-topology-updater-cert
        secret:
          secretName: nfd-topology-updater-cert
      {{- end }}


    {{- with .Values.topologyUpdater.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    {{- with .Values.topologyUpdater.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.topologyUpdater.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
{{- end }}