cmd/sapientwindex: configure resource limits and security things

Signed-off-by: Xe Iaso <me@xeiaso.net>
author: Xe Iaso <me@xeiaso.net> 2024-05-10 10:16:57 -0400
committer: Xe Iaso <me@xeiaso.net> 2024-05-10 10:17:04 -0400
commit: bfbdae3266e1c1e022aaaa5908fe849043b0fc9a (patch)
tree: 6dd91420bdcf436be0143d4528fb57411f445ddd /cmd/sapientwindex
parent: a5e69149a9762d873d4e214f124d81be856164ef (diff)
download: x-bfbdae3266e1c1e022aaaa5908fe849043b0fc9a.tar.xz
x-bfbdae3266e1c1e022aaaa5908fe849043b0fc9a.zip
1 files changed, 17 insertions, 0 deletions
diff --git a/cmd/sapientwindex/manifest.yaml b/cmd/sapientwindex/manifest.yaml
index b5cc412..829a98b 100644
--- a/cmd/sapientwindex/manifest.yaml
+++ b/cmd/sapientwindex/manifest.yaml
@@ -21,6 +21,23 @@ spec:
         - name: bot
           image: ghcr.io/xe/x/sapientwindex:latest
           imagePullPolicy: "Always"
+          resources:
+            limits:
+              cpu: "500m"
+              memory: "512Mi"
+            requests:
+              cpu: "100m"
+              memory: "256Mi"
+          securityContext:
+            runAsUser: 1000
+            runAsGroup: 1000
+            runAsNonRoot: true
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           env:
             - name: REDDIT_USERNAME
               valueFrom:
author	Xe Iaso <me@xeiaso.net>	2024-05-10 10:16:57 -0400
committer	Xe Iaso <me@xeiaso.net>	2024-05-10 10:17:04 -0400
commit	bfbdae3266e1c1e022aaaa5908fe849043b0fc9a (patch)
tree	6dd91420bdcf436be0143d4528fb57411f445ddd /cmd/sapientwindex
parent	a5e69149a9762d873d4e214f124d81be856164ef (diff)
download	x-bfbdae3266e1c1e022aaaa5908fe849043b0fc9a.tar.xz x-bfbdae3266e1c1e022aaaa5908fe849043b0fc9a.zip