diff --git a/manifests/deployment.yaml b/manifests/deployment.yaml
index a6394d5..09916b8 100644
--- a/manifests/deployment.yaml
+++ b/manifests/deployment.yaml
@@ -2,7 +2,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: clawdbox
- namespace: clawdbox
 labels:
 app: clawdbox
 spec:
@@ -17,31 +16,65 @@ spec:
 labels:
 app: clawdbox
 spec:
+ serviceAccountName: default
 containers:
- - name: clawdbox
- image: default-route-openshift-image-registry.apps.lab.apilab.us/clawdbox/clawdbox:latest
- imagePullPolicy: Always
- ports:
- - containerPort: 2222
- name: ssh
- volumeMounts:
- - mountPath: /data
- name: data-volume
- - mountPath: /home/claw/.ssh
- name: ssh-keys
- resources:
- limits:
- memory: "2Gi"
- cpu: "1000m"
- requests:
- memory: "512Mi"
- cpu: "250m"
- securityContext: {}
+ - name: clawdbox
+ image: image-registry.openshift-image-registry.svc:5000/park/clawdbox:latest
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 2222
+ name: ssh
+ volumeMounts:
+ - mountPath: /data
+ name: data-volume
+ - mountPath: /home/claw/.ssh
+ name: ssh-keys
+ resources:
+ limits:
+ memory: "2Gi"
+ cpu: "1000m"
+ requests:
+ memory: "512Mi"
+ cpu: "250m"
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ seccompProfile:
+ type: RuntimeDefault
 volumes:
- - name: data-volume
- persistentVolumeClaim:
- claimName: clawdbox-pvc
- - name: ssh-keys
- secret:
- secretName: clawdbox-ssh-keys
- defaultMode: 0600
+ - name: data-volume
+ persistentVolumeClaim:
+ claimName: clawdbox-pvc
+ - name: ssh-keys
+ secret:
+ secretName: clawdbox-ssh-keys
+ defaultMode: 0600
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: clawdbox
+ labels:
+ app: clawdbox
+spec:
+ ports:
+ - port: 2222
+ targetPort: 2222
+ name: ssh
+ selector:
+ app: clawdbox
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: clawdbox-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
\ No newline at end of file
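Review bot: `fsGroup: 1000` appears to sit in the container-level `securityContext` of the `clawdbox` container (it is listed between `runAsGroup` and the container-only `allowPrivilegeEscalation`; indentation is lost in this view, so confirm against the file), but `fsGroup` is a pod-level field only. Depending on validation settings the apply is either rejected or the field is dropped, in which case the `/data` PVC and the `ssh-keys` secret volume are not group-owned by 1000 as intended. Move it to a pod-level block under the template's `spec`: `securityContext:` / `fsGroup: 1000`. Separately, this pod exposes an SSH shell and now names `serviceAccountName: default` explicitly; unless the workload needs the API, add `automountServiceAccountToken: false` next to it so the service-account token is not readable from inside a login session. The Deployment's `spec` begins above this hunk.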