apiVersion: apps/v1
kind: Deployment
metadata:
  name: clawdbox
  labels:
    app: clawdbox
spec:
  replicas: 1
  selector:
    matchLabels:
      app: clawdbox
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: clawdbox
    spec:
      serviceAccountName: default
      containers:
        - name: clawdbox
          image: image-registry.openshift-image-registry.svc:5000/park/clawdbox:latest
          imagePullPolicy: Always
          ports:
            - containerPort: 2222
              name: ssh
          volumeMounts:
            - mountPath: /data
              name: data-volume
            - mountPath: /home/claw/.ssh
              name: ssh-keys
          resources:
            limits:
              memory: "2Gi"
              cpu: "1000m"
            requests:
              memory: "512Mi"
              cpu: "250m"
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            fsGroup: 1000
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
      volumes:
        - name: data-volume
          persistentVolumeClaim:
            claimName: clawdbox-pvc
        - name: ssh-keys
          secret:
            secretName: clawdbox-ssh-keys
            defaultMode: 0600