apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: k8s-reboot-coordinator
  labels:
    app.kubernetes.io/name: k8s-reboot-coordinator
    app.kubernetes.io/component: k8s-reboot-coordinator
    app.kubernetes.io/part-of: k8s-reboot-coordinator
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: k8s-reboot-coordinator
      app.kubernetes.io/component: k8s-reboot-coordinator
  template:
    metadata:
      labels:
        app.kubernetes.io/name: k8s-reboot-coordinator
        app.kubernetes.io/component: k8s-reboot-coordinator
        app.kubernetes.io/part-of: k8s-reboot-coordinator
    spec:
      containers:
      - name: k8s-reboot-coordinator
        image: k8s-reboot-coordinator
        ports:
        - name: http
          containerPort: 8000
        env:
        - name: RUST_LOG
          value: info
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        securityContext:
          capabilities:
            add:
            - CAP_DAC_READ_SEARCH
            - CAP_SYS_CHROOT
            - CAP_SYS_ADMIN
            drop:
            - ALL
          privileged: true
          readOnlyRootFilesystem: true
        volumeMounts:
        - mountPath: /host
          name: host
          readOnly: true
      hostPID: true
      securityContext:
        runAsUser: 0
        runAsGroup: 0
        runAsNonRoot: false
      serviceAccountName: k8s-reboot-coordinator
      tolerations:
      - key: node-role.kubernetes.io/control-plane
        effect: NoSchedule
      volumes:
      - name: host
        hostPath:
          path: /
          type: Directory