# services/maintenance/metis-sentinel-amd64-daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: metis-sentinel-amd64
  namespace: maintenance
spec:
  selector:
    matchLabels:
      app: metis-sentinel-amd64
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 25%
  template:
    metadata:
      labels:
        app: metis-sentinel-amd64
    spec:
      automountServiceAccountToken: false
      hostPID: true
      tolerations:
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: NoSchedule
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
      nodeSelector:
        kubernetes.io/os: linux
        kubernetes.io/arch: amd64
      containers:
        - name: metis-sentinel
          image: registry.bstein.dev/bstein/metis-sentinel:0.1.0-103-amd64 # {"$imagepolicy": "maintenance:metis-sentinel-amd64"}
          imagePullPolicy: Always
          envFrom:
            - configMapRef:
                name: metis
          resources:
            requests:
              cpu: 10m
              memory: 32Mi
            limits:
              cpu: 100m
              memory: 128Mi
          securityContext:
            privileged: true
            runAsUser: 0