# services/maintenance/node-image-sweeper-daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: node-image-sweeper
  namespace: maintenance
spec:
  selector:
    matchLabels:
      app: node-image-sweeper
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: node-image-sweeper
    spec:
      serviceAccountName: node-image-sweeper
      nodeSelector:
        kubernetes.io/arch: arm64
        node-role.kubernetes.io/worker: "true"
      containers:
        - name: node-image-sweeper
          image: python:3.12.9-alpine3.20
          command: ["/bin/sh", "/scripts/node_image_sweeper.sh"]
          securityContext:
            privileged: true
            runAsUser: 0
          volumeMounts:
            - name: host-root
              mountPath: /host
            - name: script
              mountPath: /scripts
              readOnly: true
      volumes:
        - name: host-root
          hostPath:
            path: /
        - name: script
          configMap:
            name: node-image-sweeper-script
            defaultMode: 0555