From a7cbbe049075d18155e9d1b679bbf7fdc9d8a9b3 Mon Sep 17 00:00:00 2001
From: Brad Stein <Brad.Stein@gmail.com>
Date: Tue, 31 Mar 2026 15:37:13 -0300
Subject: [PATCH] maintenance: split metis sentinel by architecture

---
 services/maintenance/kustomization.yaml       |  7 ++-
 services/maintenance/metis-deployment.yaml    |  2 +-
 ...ml => metis-sentinel-amd64-daemonset.yaml} | 11 +++--
 .../metis-sentinel-arm64-daemonset.yaml       | 46 +++++++++++++++++++
 4 files changed, 56 insertions(+), 10 deletions(-)
 rename services/maintenance/{metis-sentinel-daemonset.yaml => metis-sentinel-amd64-daemonset.yaml} (78%)
 create mode 100644 services/maintenance/metis-sentinel-arm64-daemonset.yaml

diff --git a/services/maintenance/kustomization.yaml b/services/maintenance/kustomization.yaml
index 618c86c1..abceff25 100644
--- a/services/maintenance/kustomization.yaml
+++ b/services/maintenance/kustomization.yaml
@@ -26,7 +26,8 @@ resources:
   - disable-k3s-traefik-daemonset.yaml
   - oneoffs/k3s-traefik-cleanup-job.yaml
   - node-nofile-daemonset.yaml
-  - metis-sentinel-daemonset.yaml
+  - metis-sentinel-amd64-daemonset.yaml
+  - metis-sentinel-arm64-daemonset.yaml
   - metis-k3s-token-sync-cronjob.yaml
   - k3s-agent-restart-daemonset.yaml
   - pod-cleaner-cronjob.yaml
@@ -39,9 +40,7 @@ images:
   - name: registry.bstein.dev/bstein/ariadne
     newTag: 0.1.0-22 # {"$imagepolicy": "maintenance:ariadne:tag"}
   - name: registry.bstein.dev/bstein/metis
-    newTag: 0.1.0-0 # {"$imagepolicy": "maintenance:metis:tag"}
-  - name: registry.bstein.dev/bstein/metis-sentinel
-    newTag: 0.1.0-0 # {"$imagepolicy": "maintenance:metis-sentinel:tag"}
+    newTag: 0.1.0-0-amd64
 configMapGenerator:
   - name: disable-k3s-traefik-script
     namespace: maintenance
diff --git a/services/maintenance/metis-deployment.yaml b/services/maintenance/metis-deployment.yaml
index 8dd77435..5d3660f3 100644
--- a/services/maintenance/metis-deployment.yaml
+++ b/services/maintenance/metis-deployment.yaml
@@ -27,7 +27,7 @@ spec:
         node-role.kubernetes.io/accelerator: "true"
       containers:
         - name: metis
-          image: registry.bstein.dev/bstein/metis:latest
+          image: registry.bstein.dev/bstein/metis:0.1.0-0-amd64
           imagePullPolicy: Always
           envFrom:
             - configMapRef:
diff --git a/services/maintenance/metis-sentinel-daemonset.yaml b/services/maintenance/metis-sentinel-amd64-daemonset.yaml
similarity index 78%
rename from services/maintenance/metis-sentinel-daemonset.yaml
rename to services/maintenance/metis-sentinel-amd64-daemonset.yaml
index d83976ba..d135581e 100644
--- a/services/maintenance/metis-sentinel-daemonset.yaml
+++ b/services/maintenance/metis-sentinel-amd64-daemonset.yaml
@@ -1,19 +1,19 @@
-# services/maintenance/metis-sentinel-daemonset.yaml
+# services/maintenance/metis-sentinel-amd64-daemonset.yaml
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
-  name: metis-sentinel
+  name: metis-sentinel-amd64
   namespace: maintenance
 spec:
   selector:
     matchLabels:
-      app: metis-sentinel
+      app: metis-sentinel-amd64
   updateStrategy:
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app: metis-sentinel
+        app: metis-sentinel-amd64
     spec:
       automountServiceAccountToken: false
       hostPID: true
@@ -26,9 +26,10 @@ spec:
           effect: NoSchedule
       nodeSelector:
         kubernetes.io/os: linux
+        kubernetes.io/arch: amd64
       containers:
         - name: metis-sentinel
-          image: registry.bstein.dev/bstein/metis-sentinel:latest
+          image: registry.bstein.dev/bstein/metis-sentinel:0.1.0-0-amd64
           imagePullPolicy: Always
           envFrom:
             - configMapRef:
diff --git a/services/maintenance/metis-sentinel-arm64-daemonset.yaml b/services/maintenance/metis-sentinel-arm64-daemonset.yaml
new file mode 100644
index 00000000..408f547f
--- /dev/null
+++ b/services/maintenance/metis-sentinel-arm64-daemonset.yaml
@@ -0,0 +1,46 @@
+# services/maintenance/metis-sentinel-arm64-daemonset.yaml
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: metis-sentinel-arm64
+  namespace: maintenance
+spec:
+  selector:
+    matchLabels:
+      app: metis-sentinel-arm64
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: metis-sentinel-arm64
+    spec:
+      automountServiceAccountToken: false
+      hostPID: true
+      tolerations:
+        - key: node-role.kubernetes.io/control-plane
+          operator: Exists
+          effect: NoSchedule
+        - key: node-role.kubernetes.io/master
+          operator: Exists
+          effect: NoSchedule
+      nodeSelector:
+        kubernetes.io/os: linux
+        kubernetes.io/arch: arm64
+      containers:
+        - name: metis-sentinel
+          image: registry.bstein.dev/bstein/metis-sentinel:0.1.0-0-arm64
+          imagePullPolicy: Always
+          envFrom:
+            - configMapRef:
+                name: metis
+          resources:
+            requests:
+              cpu: 10m
+              memory: 32Mi
+            limits:
+              cpu: 100m
+              memory: 128Mi
+          securityContext:
+            privileged: true
+            runAsUser: 0