Fix: Add dedicated ServiceAccount claw-sa, remove seccompProfile, simplify securityContext

2026-02-02 03:52:45 +00:00
parent d86d95dcfd
commit 34b794cca2
1 changed files with 64 additions and 36 deletions
--- a/manifests/deployment.yaml
+++ b/manifests/deployment.yaml
@@ -1,8 +1,13 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: claw-sa
+  namespace: clawdbox
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: clawdbox
-  namespace: clawdbox
  labels:
    app: clawdbox
 spec:
@@ -17,10 +22,10 @@ spec:
      labels:
        app: clawdbox
    spec:
-      serviceAccountName: clawd-sa
+      serviceAccountName: claw-sa
      containers:
      - name: clawdbox
-          image: default-route-openshift-image-registry.apps.lab.apilab.us/clawdbox/clawdbox:latest
+        image: image-registry.openshift-image-registry.svc:5000/clawdbox/clawdbox:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 2222
@@ -44,8 +49,6 @@ spec:
          allowPrivilegeEscalation: false
          capabilities:
            drop: ["ALL"]
-            seccompProfile:
-              type: RuntimeDefault
      volumes:
      - name: data-volume
        persistentVolumeClaim:
@@ -54,3 +57,28 @@ spec:
        secret:
          secretName: clawdbox-ssh-keys
          defaultMode: 0600
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: clawdbox
+  labels:
+    app: clawdbox
+spec:
+  ports:
+  - port: 2222
+    targetPort: 2222
+    name: ssh
+  selector:
+    app: clawdbox
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: clawdbox-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi