dotfiles/apps/base/archlinux-builder/daemonset.yaml

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: archlinux-builder
spec:
  updateStrategy:
    type: OnDelete
  selector:
    matchLabels:
      app.kubernetes.io/name: archlinux-builder
      app.kubernetes.io/part-of: archlinux-builder
  template:
    metadata:
      labels:
        app.kubernetes.io/name: archlinux-builder
        app.kubernetes.io/part-of: archlinux-builder
    spec:
      automountServiceAccountToken: false
      terminationGracePeriodSeconds: 600
      containers:
      - image: harbor.home.wugi.info/library/archlinux-systemd-builder:latest
        name: archlinux
        env:
        - name: container
          value: docker
        securityContext:
          capabilities:
            add:
            - NET_ADMIN
            - NET_BIND_SERVICE
            - NET_RAW
            - SYS_ADMIN
            - SYS_NICE
            - SYS_TIME
          privileged: true
        tty: true
        lifecycle:
           preStop:
             exec:
               command:
               - /bin/sh
               - -c
               - |
                 if /bin/systemctl poweroff
                 then
                     :
                 else
                     exit 0
                 fi
        volumeMounts:
        - mountPath: /run
          name: archlinux-run
        - mountPath: /tmp
          name: archlinux-tmp
        - name: home-oleg-ssh-authorized-keys
          mountPath: /home/oleg/.ssh/authorized_keys
          readOnly: true
      volumes:
      - emptyDir:
          medium: Memory
          sizeLimit: 4G
        name: archlinux-tmp
      - emptyDir:
          medium: Memory
          sizeLimit: 512M
        name: archlinux-run
      - name: home-oleg-ssh-authorized-keys
        hostPath:
          path: /home/oleg/.ssh/authorized_keys
          type: File