emosher/_data.yml

## _data.yml
#@ load("@ytt:overlay", "overlay")

#@ def matchObj():
kind: DaemonSet
metadata:
  namespace: build-service
  name: build-pod-image-fetcher
#@ end

#@ def change_image(imgUrl):
#@  imgParts = imgUrl.split("@")
#@  tag = imgParts[-1]
#@  return "{}@{}".format("myrepo.com/foobar", str(tag))
#@ end

#@overlay/match by=overlay.subset(matchObj()), expects="1+"
---
spec:
  template:
    spec:
      containers:
      #@overlay/match by=overlay.all, expects="1+"
      - args:
        #@overlay/match expects="1+"
        image: #@overlay/replace via=lambda left, right: change_image(left)
      initContainers:
      #@overlay/match by=overlay.all, expects="1+"
      - args:
        #@overlay/match expects="1+"
        image: #@overlay/replace via=lambda left, right: change_image(left)

## build-pod-image-fetcher.yml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  generation: 1
  labels:
    kapp.k14s.io/app: "1701718621941864433"
    kapp.k14s.io/association: v1.34604844847cb619bf1447743c295924
  name: build-pod-image-fetcher
  namespace: build-service
  resourceVersion: "176879"
  uid: acbd67b0-d58c-4d13-89df-85bee93ff9d3
spec:
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: build-pod-image-fetcher
      kapp.k14s.io/app: "1701718621941864433"
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: build-pod-image-fetcher
        kapp.k14s.io/app: "1701718621941864433"
        kapp.k14s.io/association: v1.34604844847cb619bf1447743c295924
    spec:
      containers:
      - args:
        - -mode
        - sleep
        command:
        - /drop/sleeper
        image: us-east4-docker.pkg.dev/mosher-workspace/tap/tap-packages-1.5.3@sha256:b648d2f11b2c4c5ad732fa37f645f8f047066444fcdfa76f0e9319ee14ab4fa5
        imagePullPolicy: Always
        name: completion
        resources:
          limits:
            cpu: 1m
            memory: 20M
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          privileged: false
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /drop/
          name: sleeper
      - args:
        - -mode
        - sleep
        command:
        - /drop/sleeper
        image: us-east4-docker.pkg.dev/mosher-workspace/tap/tap-packages-1.5.3@sha256:11ec0509acc298565f39cb9f52e89fb9f4e8c178c5526308533c84ca5b4b6b3a
        imagePullPolicy: Always
        name: rebase
        resources:
          limits:
            cpu: 1m
            memory: 20M
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          privileged: false
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /drop/
          name: sleeper
      - args:
        - -mode
        - sleep
        command:
        - /drop/sleeper
        image: us-east4-docker.pkg.dev/mosher-workspace/tap/tap-packages-1.5.3@sha256:f506f17f15f431bce7b0efcbcc479237824106f9228669e166ecbf5acb55dd48
        imagePullPolicy: Always
        name: build-init
        resources:
          limits:
            cpu: 1m
            memory: 20M
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          privileged: false
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /drop/
          name: sleeper
      - args:
        - -mode
        - sleep
        command:
        - /drop/sleeper
        image: us-east4-docker.pkg.dev/mosher-workspace/tap/tap-packages-1.5.3@sha256:f839f262cf638aa4994d8afeeb1a7654770cd3d3ed811ed88e661e3424f3287f
        imagePullPolicy: Always
        name: setup-ca-certs
        resources:
          limits:
            cpu: 1m
            memory: 20M
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          privileged: false
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /drop/
          name: sleeper
      - args:
        - -mode
        - sleep
        command:
        - /drop/sleeper
        image: us-east4-docker.pkg.dev/mosher-workspace/tap/tap-packages-1.5.3@sha256:db41a2d916ebcdbe06e349609dc08d27d2fe4d2f5b7bc5a99178207f3e9759da
        imagePullPolicy: Always
        name: stackify
        resources:
          limits:
            cpu: 1m
            memory: 20M
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          privileged: false
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /drop/
          name: sleeper
      dnsPolicy: ClusterFirst
      imagePullSecrets:
      - name: tbs-install-pull-secret
      initContainers:
      - args:
        - -mode
        - copy
        - -to
        - /drop/sleeper
        image: us-east4-docker.pkg.dev/mosher-workspace/tap/tap-packages-1.5.3@sha256:4ab684196a3d1ea0f7e901a82d687ffe8b9ef5fdb3f1acd7fc4874891277fc1b
        imagePullPolicy: IfNotPresent
        name: sleeper
        resources:
          limits:
            cpu: 1m
            memory: 20M
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          privileged: false
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /drop/
          name: sleeper
      nodeSelector:
        kubernetes.io/os: linux
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      serviceAccount: build-service-daemonset-serviceaccount
      serviceAccountName: build-service-daemonset-serviceaccount
      terminationGracePeriodSeconds: 30
      volumes:
      - emptyDir: {}
        name: sleeper
  updateStrategy:
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
    type: RollingUpdate
	#@ load("@ytt:overlay", "overlay")

	#@ def matchObj():
	kind: DaemonSet
	metadata:
	namespace: build-service
	name: build-pod-image-fetcher
	#@ end

	#@ def change_image(imgUrl):
	#@ imgParts = imgUrl.split("@")
	#@ tag = imgParts[-1]
	#@ return "{}@{}".format("myrepo.com/foobar", str(tag))
	#@ end

	#@overlay/match by=overlay.subset(matchObj()), expects="1+"
	---
	spec:
	template:
	spec:
	containers:
	#@overlay/match by=overlay.all, expects="1+"
	- args:
	#@overlay/match expects="1+"
	image: #@overlay/replace via=lambda left, right: change_image(left)
	initContainers:
	#@overlay/match by=overlay.all, expects="1+"
	- args:
	#@overlay/match expects="1+"
	image: #@overlay/replace via=lambda left, right: change_image(left)
	apiVersion: apps/v1
	kind: DaemonSet
	metadata:
	generation: 1
	labels:
	kapp.k14s.io/app: "1701718621941864433"
	kapp.k14s.io/association: v1.34604844847cb619bf1447743c295924
	name: build-pod-image-fetcher
	namespace: build-service
	resourceVersion: "176879"
	uid: acbd67b0-d58c-4d13-89df-85bee93ff9d3
	spec:
	revisionHistoryLimit: 10
	selector:
	matchLabels:
	app: build-pod-image-fetcher
	kapp.k14s.io/app: "1701718621941864433"
	template:
	metadata:
	creationTimestamp: null
	labels:
	app: build-pod-image-fetcher
	kapp.k14s.io/app: "1701718621941864433"
	kapp.k14s.io/association: v1.34604844847cb619bf1447743c295924
	spec:
	containers:
	- args:
	- -mode
	- sleep
	command:
	- /drop/sleeper
	image: us-east4-docker.pkg.dev/mosher-workspace/tap/tap-packages-1.5.3@sha256:b648d2f11b2c4c5ad732fa37f645f8f047066444fcdfa76f0e9319ee14ab4fa5
	imagePullPolicy: Always
	name: completion
	resources:
	limits:
	cpu: 1m
	memory: 20M
	securityContext:
	allowPrivilegeEscalation: false
	capabilities:
	drop:
	- ALL
	privileged: false
	runAsNonRoot: true
	seccompProfile:
	type: RuntimeDefault
	terminationMessagePath: /dev/termination-log
	terminationMessagePolicy: File
	volumeMounts:
	- mountPath: /drop/
	name: sleeper
	- args:
	- -mode
	- sleep
	command:
	- /drop/sleeper
	image: us-east4-docker.pkg.dev/mosher-workspace/tap/tap-packages-1.5.3@sha256:11ec0509acc298565f39cb9f52e89fb9f4e8c178c5526308533c84ca5b4b6b3a
	imagePullPolicy: Always
	name: rebase
	resources:
	limits:
	cpu: 1m
	memory: 20M
	securityContext:
	allowPrivilegeEscalation: false
	capabilities:
	drop:
	- ALL
	privileged: false
	runAsNonRoot: true
	seccompProfile:
	type: RuntimeDefault
	terminationMessagePath: /dev/termination-log
	terminationMessagePolicy: File
	volumeMounts:
	- mountPath: /drop/
	name: sleeper
	- args:
	- -mode
	- sleep
	command:
	- /drop/sleeper
	image: us-east4-docker.pkg.dev/mosher-workspace/tap/tap-packages-1.5.3@sha256:f506f17f15f431bce7b0efcbcc479237824106f9228669e166ecbf5acb55dd48
	imagePullPolicy: Always
	name: build-init
	resources:
	limits:
	cpu: 1m
	memory: 20M
	securityContext:
	allowPrivilegeEscalation: false
	capabilities:
	drop:
	- ALL
	privileged: false
	runAsNonRoot: true
	seccompProfile:
	type: RuntimeDefault
	terminationMessagePath: /dev/termination-log
	terminationMessagePolicy: File
	volumeMounts:
	- mountPath: /drop/
	name: sleeper
	- args:
	- -mode
	- sleep
	command:
	- /drop/sleeper
	image: us-east4-docker.pkg.dev/mosher-workspace/tap/tap-packages-1.5.3@sha256:f839f262cf638aa4994d8afeeb1a7654770cd3d3ed811ed88e661e3424f3287f
	imagePullPolicy: Always
	name: setup-ca-certs
	resources:
	limits:
	cpu: 1m
	memory: 20M
	securityContext:
	allowPrivilegeEscalation: false
	capabilities:
	drop:
	- ALL
	privileged: false
	runAsNonRoot: true
	seccompProfile:
	type: RuntimeDefault
	terminationMessagePath: /dev/termination-log
	terminationMessagePolicy: File
	volumeMounts:
	- mountPath: /drop/
	name: sleeper
	- args:
	- -mode
	- sleep
	command:
	- /drop/sleeper
	image: us-east4-docker.pkg.dev/mosher-workspace/tap/tap-packages-1.5.3@sha256:db41a2d916ebcdbe06e349609dc08d27d2fe4d2f5b7bc5a99178207f3e9759da
	imagePullPolicy: Always
	name: stackify
	resources:
	limits:
	cpu: 1m
	memory: 20M
	securityContext:
	allowPrivilegeEscalation: false
	capabilities:
	drop:
	- ALL
	privileged: false
	runAsNonRoot: true
	seccompProfile:
	type: RuntimeDefault
	terminationMessagePath: /dev/termination-log
	terminationMessagePolicy: File
	volumeMounts:
	- mountPath: /drop/
	name: sleeper
	dnsPolicy: ClusterFirst
	imagePullSecrets:
	- name: tbs-install-pull-secret
	initContainers:
	- args:
	- -mode
	- copy
	- -to
	- /drop/sleeper
	image: us-east4-docker.pkg.dev/mosher-workspace/tap/tap-packages-1.5.3@sha256:4ab684196a3d1ea0f7e901a82d687ffe8b9ef5fdb3f1acd7fc4874891277fc1b
	imagePullPolicy: IfNotPresent
	name: sleeper
	resources:
	limits:
	cpu: 1m
	memory: 20M
	securityContext:
	allowPrivilegeEscalation: false
	capabilities:
	drop:
	- ALL
	privileged: false
	runAsNonRoot: true
	seccompProfile:
	type: RuntimeDefault
	terminationMessagePath: /dev/termination-log
	terminationMessagePolicy: File
	volumeMounts:
	- mountPath: /drop/
	name: sleeper
	nodeSelector:
	kubernetes.io/os: linux
	restartPolicy: Always
	schedulerName: default-scheduler
	securityContext:
	runAsNonRoot: true
	seccompProfile:
	type: RuntimeDefault
	serviceAccount: build-service-daemonset-serviceaccount
	serviceAccountName: build-service-daemonset-serviceaccount
	terminationGracePeriodSeconds: 30
	volumes:
	- emptyDir: {}
	name: sleeper
	updateStrategy:
	rollingUpdate:
	maxSurge: 0
	maxUnavailable: 1
	type: RollingUpdate