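---
# Deployment for the clawdbox pod: one replica exposing a container port named
# "ssh" (2222), with a PVC mounted at /data and a Secret mounted at
# /home/claw/.ssh.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: clawdbox
  namespace: clawdbox
  labels:
    app: clawdbox
spec:
  replicas: 1
  selector:
    matchLabels:
      app: clawdbox
  # Recreate terminates the old pod before the new one starts; presumably
  # chosen so two pods never mount the data PVC at once.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: clawdbox
    spec:
      # NOTE(review): the pod is reachable over SSH, so any shell user can
      # read the mounted service-account token. Keep clawd-sa's RBAC minimal,
      # or disable token automount if the workload never calls the API.
      serviceAccountName: clawd-sa
      # fsGroup exists only in the pod-level securityContext; inside a
      # container securityContext it is an unknown field (rejected under
      # strict validation, otherwise dropped). runAsUser/runAsGroup stay on
      # the main container so the init container's user is not changed.
      # NOTE(review): on OpenShift the SCC bound to clawd-sa must allow
      # fsGroup 1000 and UID 1000 - confirm.
      securityContext:
        fsGroup: 1000
      initContainers:
        # Fixes ownership and mode of the PVC before the main container
        # starts. It has no securityContext, so it runs as the image default
        # user (root for stock alpine) unless admission policy overrides it;
        # chown needs that.
        # NOTE(review): with fsGroup set, the kubelet may already make the
        # volume group-writable, which could make this step redundant -
        # verify before removing.
        - name: volume-permissions
          # NOTE(review): ":latest" is a mutable tag; pin to a reviewed
          # version or digest (alpine@sha256:<digest>, placeholder) so a
          # root-running init image cannot change silently.
          image: docker.io/alpine:latest
          command:
            - sh
            - -c
            - "chown -R 1000:0 /data && chmod -R 775 /data"
          volumeMounts:
            - name: data-volume
              mountPath: /data
      containers:
        - name: clawdbox
          # NOTE(review): ":latest" + Always re-pulls whatever is currently
          # tagged on every restart; prefer an immutable tag or digest.
          image: default-route-openshift-image-registry.apps.lab.apilab.us/clawdbox/clawdbox:latest
          imagePullPolicy: Always
          ports:
            - containerPort: 2222
              name: ssh
          volumeMounts:
            - mountPath: /data
              name: data-volume
            - mountPath: /home/claw/.ssh
              name: ssh-keys
              # Key material is never written by the workload.
              readOnly: true
          resources:
            limits:
              memory: "2Gi"
              cpu: "1000m"
            requests:
              memory: "512Mi"
              cpu: "250m"
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            # Makes the kubelet refuse to start the container as UID 0 if
            # runAsUser is ever removed or overridden.
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
      volumes:
        - name: data-volume
          persistentVolumeClaim:
            claimName: clawdbox-pvc
        - name: ssh-keys
          secret:
            secretName: clawdbox-ssh-keys
            # Integer field: do not quote. 0600 is octal under YAML 1.1
            # (decimal 384); a JSON manifest must use 384.
            # NOTE(review): fsGroup can add group-read bits to secret files;
            # check the effective mode in the running pod if sshd enforces
            # strict key permissions.
            defaultMode: 0600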