# services/maintenance/pi-usb-scratch-daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: pi-usb-scratch
  namespace: maintenance
spec:
  selector:
    matchLabels:
      app: pi-usb-scratch
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  template:
    metadata:
      labels:
        app: pi-usb-scratch
    spec:
      serviceAccountName: pi-usb-scratch
      hostPID: true
      nodeSelector:
        kubernetes.io/arch: arm64
        node-role.kubernetes.io/worker: "true"
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: hardware
                    operator: In
                    values:
                      - rpi4
                      - rpi5
      containers:
        - name: pi-usb-scratch
          image: bitnami/kubectl@sha256:554ab88b1858e8424c55de37ad417b16f2a0e65d1607aa0f3fe3ce9b9f10b131
          command: ["/usr/bin/env", "bash"]
          args: ["/scripts/pi_usb_scratch.sh"]
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          securityContext:
            privileged: true
            runAsUser: 0
          volumeMounts:
            - name: host-root
              mountPath: /host
            - name: script
              mountPath: /scripts
              readOnly: true
            - name: config
              mountPath: /config
              readOnly: true
      volumes:
        - name: host-root
          hostPath:
            path: /
        - name: script
          configMap:
            name: pi-usb-scratch-script
            defaultMode: 0555
        - name: config
          configMap:
            name: pi-usb-scratch-config
            defaultMode: 0444