blob: 1b3f96b6bf102d3afdd1fc976776bc8c8f0ebaeb (
plain) (
blame)
| 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 | apiVersion: apps/v1
kind: Deployment
metadata:
  name: policy-bot
spec:
  replicas: 1
  selector:
    matchLabels:
      app: policy-bot
  template:
    metadata:
      labels:
        app: policy-bot
    spec:
      containers:
        - name: policy-bot
          image: palantirtechnologies/policy-bot:latest
          imagePullPolicy: Always
          resources:
            requests:
              cpu: 50m
              memory: 50Mi
            limits:
              cpu: 100m
              memory: 100Mi
          ports:
            - containerPort: 8080
          volumeMounts:
            - mountPath: /secrets
              name: policy-bot-config
          securityContext:
            readOnlyRootFilesystem: true
          envFrom:
            - secretRef:
                name: policy-bot-secrets
      volumes:
        - name: policy-bot-config
          configMap:
            name: policy-bot-defaults
      securityContext:
        fsGroup: 2000
        runAsUser: 1000
        runAsNonRoot: true
 |