Harden deployment probes/fsGroup and align README runtime config

This commit is contained in:
2026-03-07 22:18:51 +11:00
parent 6e72483dca
commit 900f8f23aa
2 changed files with 24 additions and 4 deletions


@@ -36,14 +36,14 @@ This container provides a stable, tool-rich environment for the AI agent to:
- name: clawdbox - name: clawdbox
image: clawdbox:latest image: clawdbox:latest
ports: ports:
- containerPort: 22 - containerPort: 2222
volumeMounts: volumeMounts:
- mountPath: /data - mountPath: /data
name: claw-data name: claw-data
volumes: volumes:
- name: claw-data - name: claw-data
persistentVolumeClaim: persistentVolumeClaim:
claimName: claw-pvc claimName: clawdbox-pvc
``` ```
## Access ## Access


@@ -18,6 +18,8 @@ spec:
app: clawdbox app: clawdbox
spec: spec:
serviceAccountName: clawd-sa serviceAccountName: clawd-sa
securityContext:
fsGroup: 1000
initContainers: initContainers:
- name: setup-ssh - name: setup-ssh
image: docker.io/alpine:latest image: docker.io/alpine:latest
@@ -60,6 +62,25 @@ spec:
ports: ports:
- containerPort: 2222 - containerPort: 2222
name: ssh name: ssh
startupProbe:
tcpSocket:
port: ssh
failureThreshold: 30
periodSeconds: 5
readinessProbe:
tcpSocket:
port: ssh
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 2
failureThreshold: 3
livenessProbe:
tcpSocket:
port: ssh
initialDelaySeconds: 15
periodSeconds: 20
timeoutSeconds: 2
failureThreshold: 3
volumeMounts: volumeMounts:
- mountPath: /data - mountPath: /data
name: data-volume name: data-volume
@@ -77,7 +98,6 @@ spec:
securityContext: securityContext:
runAsUser: 1000 runAsUser: 1000
runAsGroup: 1000 runAsGroup: 1000
fsGroup: 1000
allowPrivilegeEscalation: true allowPrivilegeEscalation: true
capabilities: capabilities:
add: ["CAP_AUDIT_WRITE"] add: ["CAP_AUDIT_WRITE"]
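Review bot: The pod-level `securityContext` added in the first hunk (right after `serviceAccountName: clawd-sa`) sets only `fsGroup: 1000`, yet this pod-wide block is exactly where the other baseline hardening fields belong: add `runAsNonRoot: true`, `seccompProfile:`, `type: RuntimeDefault` under it so every container, including the `setup-ssh` init container, inherits them. The container's own `securityContext` in the last hunk still keeps `allowPrivilegeEscalation: true` next to `runAsUser: 1000`; a commit titled "Harden" should either flip that to `false` or carry a comment saying why sshd on 2222 as uid 1000 needs it. Whether the alpine init container or PAM actually requires root is not visible in these hunks, so confirm that before applying `runAsNonRoot` pod-wide (an init container that needs uid 0 would then fail admission at runtime). Separately, once a `startupProbe` gates the other probes, the `initialDelaySeconds` on the readiness and liveness probes is dead configuration and can be dropped. The Deployment's pod spec starts and ends outside these hunks.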