apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: multus-validation-test-image-pull
  labels:
    app: multus-validation-test-image-pull
    app.kubernetes.io/name: "image-puller"
    app.kubernetes.io/instance: "image-puller"
    app.kubernetes.io/component: "image-puller"
    app.kubernetes.io/part-of: "multus-validation-test"
    app.kubernetes.io/managed-by: "rook-cli"
spec:
  selector:
    matchLabels:
      app: multus-validation-test-image-pull
  template:
    metadata:
      labels:
        app: multus-validation-test-image-pull
    spec:
      # TODO: selectors, affinities, tolerations
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: sleep
          # use nginx image because it's already used for the web server pod and has a non-root user
          image: "{{ .NginxImage }}"
          command:
            - sleep
            - infinity
          resources: {}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - "ALL"
            readOnlyRootFilesystem: true