Fix: Deployment explicit UID 1000 for anyuid SCC support

2026-02-02 03:25:13 +00:00
parent f53209203a
commit 776f97605e
1 changed files with 60 additions and 27 deletions
--- a/manifests/deployment.yaml
+++ b/manifests/deployment.yaml
@@ -2,7 +2,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: clawdbox
  namespace: clawdbox
  labels:
    app: clawdbox
 spec:
@@ -17,31 +16,65 @@ spec:
      labels:
        app: clawdbox
    spec:
      serviceAccountName: default
      containers:
-        - name: clawdbox
+      - name: clawdbox
-          image: default-route-openshift-image-registry.apps.lab.apilab.us/clawdbox/clawdbox:latest
+        image: image-registry.openshift-image-registry.svc:5000/park/clawdbox:latest
-          imagePullPolicy: Always
+        imagePullPolicy: Always
-          ports:
+        ports:
-            - containerPort: 2222
+        - containerPort: 2222
-              name: ssh
+          name: ssh
-          volumeMounts:
+        volumeMounts:
-            - mountPath: /data
+        - mountPath: /data
-              name: data-volume
+          name: data-volume
-            - mountPath: /home/claw/.ssh
+        - mountPath: /home/claw/.ssh
-              name: ssh-keys
+          name: ssh-keys
-          resources:
+        resources:
-            limits:
+          limits:
-              memory: "2Gi"
+            memory: "2Gi"
-              cpu: "1000m"
+            cpu: "1000m"
-            requests:
+          requests:
-              memory: "512Mi"
+            memory: "512Mi"
-              cpu: "250m"
+            cpu: "250m"
-          securityContext: {}
+        securityContext:
          runAsUser: 1000
          runAsGroup: 1000
          fsGroup: 1000
          allowPrivilegeEscalation: false
          capabilities:
            drop: ["ALL"]
          seccompProfile:
            type: RuntimeDefault
      volumes:
-        - name: data-volume
+      - name: data-volume
-          persistentVolumeClaim:
+        persistentVolumeClaim:
-            claimName: clawdbox-pvc
+          claimName: clawdbox-pvc
-        - name: ssh-keys
+      - name: ssh-keys
-          secret:
+        secret:
-            secretName: clawdbox-ssh-keys
+          secretName: clawdbox-ssh-keys
-            defaultMode: 0600
+          defaultMode: 0600
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: clawdbox
  labels:
    app: clawdbox
 spec:
  ports:
  - port: 2222
    targetPort: 2222
    name: ssh
  selector:
    app: clawdbox
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: clawdbox-pvc
 spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi