From bfbdae3266e1c1e022aaaa5908fe849043b0fc9a Mon Sep 17 00:00:00 2001
From: Xe Iaso <me@xeiaso.net>
Date: Fri, 10 May 2024 10:16:57 -0400
Subject: cmd/sapientwindex: configure resource limits and security things

Signed-off-by: Xe Iaso <me@xeiaso.net>
---
 cmd/sapientwindex/manifest.yaml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'cmd')

diff --git a/cmd/sapientwindex/manifest.yaml b/cmd/sapientwindex/manifest.yaml
index b5cc412..829a98b 100644
--- a/cmd/sapientwindex/manifest.yaml
+++ b/cmd/sapientwindex/manifest.yaml
@@ -21,6 +21,23 @@ spec:
         - name: bot
           image: ghcr.io/xe/x/sapientwindex:latest
           imagePullPolicy: "Always"
+          resources:
+            limits:
+              cpu: "500m"
+              memory: "512Mi"
+            requests:
+              cpu: "100m"
+              memory: "256Mi"
+          securityContext:
+            runAsUser: 1000
+            runAsGroup: 1000
+            runAsNonRoot: true
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           env:
             - name: REDDIT_USERNAME
               valueFrom:
-- 
cgit v1.2.3