---
# Source: copy-fail-blocker/templates/daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: copy-fail-blocker
  namespace: kube-system
  labels:
    app.kubernetes.io/name: copy-fail-blocker
    app.kubernetes.io/instance: copy-fail-blocker
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: copy-fail-blocker-0.2.1
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: copy-fail-blocker
      app.kubernetes.io/instance: copy-fail-blocker
  template:
    metadata:
      labels:
        app.kubernetes.io/name: copy-fail-blocker
        app.kubernetes.io/instance: copy-fail-blocker
    spec:
      hostPID: false
      hostNetwork: false
      priorityClassName: system-node-critical
      tolerations:
        - operator: Exists
      containers:
        - name: blocker
          image: "ghcr.io/cozystack/copy-fail-blocker:v0.2.0@sha256:64706bb9fff42ffaedab855163bd9edd0bc566798503ad92b4eb1e52f78cabdf"
          imagePullPolicy: IfNotPresent
          securityContext:
            privileged: true
            readOnlyRootFilesystem: true
            runAsUser: 0
          resources:
            limits:
              memory: 64Mi
            requests:
              cpu: 5m
              memory: 16Mi
          volumeMounts:
            - name: sys
              mountPath: /sys
              readOnly: true
            - name: bpffs
              mountPath: /sys/fs/bpf
              mountPropagation: HostToContainer
      volumes:
        - name: sys
          hostPath:
            path: /sys
            type: Directory
        - name: bpffs
          hostPath:
            path: /sys/fs/bpf
            type: Directory