apiVersion: v1
kind: Namespace
metadata:
  name: pod-reaper
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: pod-reaper
  namespace: pod-reaper
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: pod-reaper
rules:
  - apiGroups: [""]
    resources: ["pods", "nodes"]
    verbs: ["get", "list", "watch", "update", "delete"]
  - apiGroups: ["apps"]
    resources: ["deployments", "statefulsets", "daemonsets", "replicasets"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: pod-reaper
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: pod-reaper
subjects:
  - kind: ServiceAccount
    name: pod-reaper
    namespace: pod-reaper
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: pod-reaper
  namespace: pod-reaper
spec:
  selector:
    matchLabels:
      app: pod-reaper
  template:
    metadata:
      labels:
        app: pod-reaper
    spec:
      serviceAccountName: pod-reaper
      tolerations:
        # Run on all nodes, including master/control-plane nodes
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: NoSchedule
        - key: node.kubernetes.io/not-ready
          operator: Exists
          effect: NoSchedule
        - key: node.kubernetes.io/unreachable
          operator: Exists
          effect: NoSchedule
      containers:
        - name: pod-reaper
          image: allardkrings/pod-reaper:1.0
          imagePullPolicy: Always
          args:
            - "--not-ready-timeout=5m"
            - "--check-interval=30s"
          resources:
            limits:
              cpu: "100m"
              memory: "100Mi"
            requests:
              cpu: "50m"
              memory: "50Mi"