# services/maintenance/metis-sentinel-daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: metis-sentinel
  namespace: maintenance
spec:
  selector:
    matchLabels:
      app: metis-sentinel
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: metis-sentinel
    spec:
      automountServiceAccountToken: false
      hostPID: true
      tolerations:
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: NoSchedule
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
      nodeSelector:
        kubernetes.io/os: linux
      containers:
        - name: metis-sentinel
          image: registry.bstein.dev/bstein/metis-sentinel:latest
          imagePullPolicy: Always
          envFrom:
            - configMapRef:
                name: metis
          resources:
            requests:
              cpu: 10m
              memory: 32Mi
            limits:
              cpu: 100m
              memory: 128Mi
          securityContext:
            privileged: true
            runAsUser: 0