feat: implement pod-specific secret injection for DaemonSets with automated lifecycle management

deploy/test-ds.yaml

@@ -0,0 +1,68 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: test-daemonset
+  namespace: gps-system
+spec:
+  selector:
+    matchLabels:
+      app: test-daemonset
+  template:
+    metadata:
+      labels:
+        app: test-daemonset
+    spec:
+      serviceAccountName: test-ds-sa
+      terminationGracePeriodSeconds: 0
+      containers:
+      - name: test-client
+        image: REPO_PLACEHOLDER/test-client:latest
+        env:
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        command: ["/bin/sh", "-c"]
+        args:
+        - |
+          /app/test-client --namespace=$(POD_NAMESPACE) --secret=$(POD_NAME)
+          echo "Test client finished. Sleeping forever..."
+          sleep infinity
+        volumeMounts:
+        - name: kubeconfig
+          mountPath: /var/lib/kubelet/kubeconfig
+          readOnly: true
+        - name: gke-bin
+          mountPath: /home/kubernetes/bin
+          readOnly: true
+        - name: pki
+          mountPath: /etc/srv/kubernetes/pki
+          readOnly: true
+        - name: kubelet-pki
+          mountPath: /var/lib/kubelet/pki
+          readOnly: true
+      volumes:
+      - name: kubeconfig
+        hostPath:
+          path: /var/lib/kubelet/kubeconfig
+          type: File
+      - name: gke-bin
+        hostPath:
+          path: /home/kubernetes/bin
+          type: Directory
+      - name: pki
+        hostPath:
+          path: /etc/srv/kubernetes/pki
+          type: Directory
+      - name: kubelet-pki
+        hostPath:
+          path: /var/lib/kubelet/pki
+          type: Directory