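# services/game-stream/wolf-gatekeeper-daemonset.yaml
#
# DaemonSet that runs the wolf-gatekeeper script on one node. The script is
# delivered through the `wolf-gatekeeper` ConfigMap and is configured with an
# nft binary path and a host-root mount, so it presumably manages nftables
# rules on the node (confirm against wolf_gatekeeper.py).
#
# This pod combines privileged mode, the host network namespace and a mount of
# the host's root filesystem. Treat it as node-root equivalent when reviewing
# who may change this manifest or the ConfigMap it executes.
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: wolf-gatekeeper
  namespace: game-stream
  labels:
    app: wolf-gatekeeper
spec:
  selector:
    matchLabels:
      app: wolf-gatekeeper
  template:
    metadata:
      labels:
        app: wolf-gatekeeper
    spec:
      # The pod shares the node's network namespace, so the HTTP listener on
      # 8087 opens on the node itself rather than on a pod IP.
      # NOTE(review): the bind address and any authentication are decided by
      # the script, which is not visible here. Confirm the endpoint is
      # authenticated or restricted by host firewall rules.
      hostNetwork: true
      # Keeps cluster DNS resolution working while on the host network.
      dnsPolicy: ClusterFirstWithHostNet
      # Schedules only onto the node whose hostname label is titan-24.
      nodeSelector:
        kubernetes.io/hostname: titan-24
      # Allows scheduling onto nodes tainted nvidia.com/gpu:NoSchedule.
      tolerations:
        - key: nvidia.com/gpu
          operator: Exists
          effect: NoSchedule
      containers:
        - name: gatekeeper
          # NOTE(review): `stable` is a mutable tag and IfNotPresent never
          # re-pulls it, so the code that runs depends on whatever the node
          # cached. For a privileged workload, pin by digest
          # (ghcr.io/games-on-whales/wolf@sha256:<DIGEST-PLACEHOLDER>).
          image: ghcr.io/games-on-whales/wolf:stable
          imagePullPolicy: IfNotPresent
          # Runs the script from the ConfigMap volume, not the image's own
          # entrypoint. Write access to ConfigMap `wolf-gatekeeper` therefore
          # amounts to privileged code execution on the node; restrict it
          # through RBAC accordingly.
          command:
            - /usr/bin/python3
            - /opt/wolf-gatekeeper/wolf_gatekeeper.py
          env:
            # Matches the mountPath of the host-root volume below.
            - name: HOST_ROOT
              value: /host
            - name: NFT_PATH
              value: /sbin/nft
            # 28800 s = 8 h. Presumably the longest lifetime the script grants
            # to a rule; confirm in the script.
            - name: MAX_TTL_SECONDS
              value: "28800"
            # Must agree with containerPort and both probe ports.
            - name: GATEKEEPER_HTTP_PORT
              value: "8087"
          ports:
            - name: http
              containerPort: 8087
          securityContext:
            # NOTE(review): privileged grants every capability and access to
            # host devices. If the script only invokes nft, a narrower set
            # such as NET_ADMIN (plus SYS_CHROOT if it chroots into HOST_ROOT)
            # may be enough. Confirm against the script before tightening.
            privileged: true
          readinessProbe:
            httpGet:
              path: /healthz
              port: 8087
            initialDelaySeconds: 5
            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8087
            initialDelaySeconds: 20
            periodSeconds: 20
          resources:
            requests:
              cpu: 25m
              memory: 64Mi
            limits:
              cpu: 250m
              memory: 256Mi
          volumeMounts:
            - name: script
              mountPath: /opt/wolf-gatekeeper
              readOnly: true
            # readOnly blocks writes through this mount but still exposes
            # every host file for reading, and a privileged container is not
            # confined by it.
            # NOTE(review): if only the nft binary and its libraries are
            # needed, mount those paths instead of /.
            - name: host-root
              mountPath: /host
              readOnly: true
      volumes:
        - name: script
          configMap:
            name: wolf-gatekeeper
            # Octal r-xr-xr-x (decimal 365). Left unquoted because
            # defaultMode is an integer field; tooling that applies YAML 1.2
            # rules would read this as decimal 555.
            defaultMode: 0555
        - name: host-root
          hostPath:
            path: /
            type: Directory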