apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: multus-validation-test-host-checker-{{ .NodeType }}
  labels:
    app: multus-validation-test-host-checker
    nodeType: "{{ .NodeType }}"
    app.kubernetes.io/name: "host-checker"
    app.kubernetes.io/instance: "host-checker-{{ .NodeType }}"
    app.kubernetes.io/component: "host-checker"
    app.kubernetes.io/part-of: "multus-validation-test"
    app.kubernetes.io/managed-by: "rook-cli"
spec:
  selector:
    matchLabels:
      app: multus-validation-test-host-checker
      nodeType: "{{ .NodeType }}"
  template:
    metadata:
      labels:
        app: multus-validation-test-host-checker
        nodeType: "{{ .NodeType }}"
    spec:
      nodeSelector:
      {{- range $k, $v := .Placement.NodeSelector }}
        {{ $k }}: {{ $v }}
      {{- end }}
      tolerations:
      {{- range $idx, $toleration := .Placement.Tolerations }}
        - {{ $toleration.ToJSON }}
      {{- end }}
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      hostNetwork: true
      containers:
        - name: readiness-check-web-server-public-addr
          # use nginx image because it's already used for the web server pod and has a non-root user
          image: "{{ .NginxImage }}"
          command:
            - sleep
            - infinity
          resources: {}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - "ALL"
          # A readiness probe makes validation testing easier than investigate container logs.
          # Additionally, readiness probe failures don't result in CrashLoopBackoff -- ideal here,
          # where ever-longer back-offs would cause tests to run for much longer than necessary.
          readinessProbe:
            # Low failure threshold and high success threshold. Intended to be very sensitive to
            # failures. If probe fails with any regularity, Ceph OSDs likely won't be stable.
            failureThreshold: 1
            successThreshold: 12
            periodSeconds: 5
            # Assumption: a network with a latency more than 4 seconds for this validation test's
            # simple client-server response likely won't support acceptable performance for any
            # production Ceph cluster.
            timeoutSeconds: 4
            # TODO: exec:curl works but httpGet fails. Why? need custom header?
            exec:
              command:
                - "curl"
                - "--insecure"
                - "{{ .PublicNetworkAddress }}:8080"