# services/maintenance/rpi-resource-reservation-daemonset.yaml apiVersion: apps/v1 kind: DaemonSet metadata: name: rpi-resource-reservation namespace: maintenance spec: selector: matchLabels: app: rpi-resource-reservation updateStrategy: type: RollingUpdate template: metadata: labels: app: rpi-resource-reservation annotations: atlas.bstein.dev/reservation-revision: "2026-05-19-5" spec: hostPID: true # Needed for nsenter to run host systemd reloads after config writes. serviceAccountName: node-nofile nodeSelector: node-role.kubernetes.io/worker: "true" affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: hardware operator: In values: - rpi4 - rpi5 tolerations: - key: node.kubernetes.io/unschedulable operator: Exists effect: NoSchedule - key: node.kubernetes.io/not-ready operator: Exists effect: NoExecute - key: node.kubernetes.io/unreachable operator: Exists effect: NoExecute containers: - name: reservation image: bitnami/kubectl@sha256:554ab88b1858e8424c55de37ad417b16f2a0e65d1607aa0f3fe3ce9b9f10b131 command: ["/usr/bin/env", "bash"] args: ["/scripts/rpi_resource_reservation.sh"] env: - name: ATLAS_RPI_AUTO_RESTART value: "false" resources: requests: cpu: 10m memory: 32Mi limits: cpu: 100m memory: 96Mi securityContext: privileged: true # Required to write host kubelet reservation files under /host. runAsUser: 0 volumeMounts: - name: host-root mountPath: /host - name: script mountPath: /scripts readOnly: true volumes: - name: host-root hostPath: path: / - name: script configMap: name: rpi-resource-reservation-script defaultMode: 0555