apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  labels:
    app: controller-manager
  name: controller-manager
spec:
  selector:
    matchLabels:
      app: controller-manager
  strategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: controller-manager
    spec:
      serviceAccountName: service-catalog-controller
      nodeSelector:
{% for key, value in node_selector.iteritems() %}
        {{key}}: "{{value}}"
{% endfor %}
      containers:
      - env:
        - name: K8S_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        args:
        - controller-manager
        - -v
        - "5"
        - --leader-election-namespace
        - kube-service-catalog
        - --broker-relist-interval
        - "5m"
        - --feature-gates
        - OriginatingIdentity=true
        image: {{ openshift_service_catalog_image_prefix }}service-catalog:{{ openshift_service_catalog_image_version }}
        command: ["/usr/bin/service-catalog"]
        imagePullPolicy: Always
        name: controller-manager
        ports:
        - containerPort: 8080
          protocol: TCP
        resources: {}
        terminationMessagePath: /dev/termination-log
        volumeMounts:
        - mountPath: /var/run/kubernetes-service-catalog
          name: service-catalog-ssl
          readOnly: true
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      securityContext: {}
      terminationGracePeriodSeconds: 30
      volumes:
      - name: service-catalog-ssl
        secret:
          defaultMode: 420
          items:
          - key: tls.crt
            path: apiserver.crt
          secretName: apiserver-ssl