apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: multus-validation-test-image-pull-{{ .NodeType }}
  labels:
    app: multus-validation-test-image-pull
    nodeType: "{{ .NodeType }}"
    app.kubernetes.io/name: "image-puller"
    app.kubernetes.io/instance: "image-puller-{{ .NodeType }}"
    app.kubernetes.io/component: "image-puller"
    app.kubernetes.io/part-of: "multus-validation-test"
    app.kubernetes.io/managed-by: "rook-cli"
spec:
  selector:
    matchLabels:
      app: multus-validation-test-image-pull
      nodeType: "{{ .NodeType }}"
  template:
    metadata:
      labels:
        app: multus-validation-test-image-pull
        nodeType: "{{ .NodeType }}"
    spec:
      nodeSelector:
      {{- range $k, $v := .Placement.NodeSelector }}
        {{ $k }}: {{ $v }}
      {{- end }}
      tolerations:
      {{- range $idx, $toleration := .Placement.Tolerations }}
        - {{ $toleration.ToJSON }}
      {{- end }}
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: sleep
          # use nginx image because it's already used for the web server pod and has a non-root user
          image: "{{ .NginxImage }}"
          command:
            - sleep
            - infinity
          resources: {}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - "ALL"
            readOnlyRootFilesystem: true