From 657ec5f9f8c75c03bef78b39185d43a6a803b11b Mon Sep 17 00:00:00 2001 From: chemavx Date: Thu, 26 Mar 2026 17:03:51 +0000 Subject: [PATCH] Add openclaw/deployments.yaml --- openclaw/deployments.yaml | 209 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 209 insertions(+) create mode 100644 openclaw/deployments.yaml diff --git a/openclaw/deployments.yaml b/openclaw/deployments.yaml new file mode 100644 index 0000000..21179b1 --- /dev/null +++ b/openclaw/deployments.yaml @@ -0,0 +1,209 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + deployment.kubernetes.io/revision: '35' + meta.helm.sh/release-name: openclaw + meta.helm.sh/release-namespace: openclaw + labels: + app.kubernetes.io/instance: openclaw + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: openclaw + app.kubernetes.io/version: 2026.3.2 + helm.sh/chart: openclaw-0.1.13 + name: openclaw + namespace: openclaw +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 5 + selector: + matchLabels: + app.kubernetes.io/instance: openclaw + app.kubernetes.io/name: openclaw + strategy: + type: Recreate + template: + metadata: + annotations: + checksum/config: e1ce3c573c77508ddc719f952751bd9f0b6c3a40ec31cc09ae750af4a5772ed2 + checksum/secret: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + kubectl.kubernetes.io/restartedAt: '2026-03-26T10:35:24.412Z' + labels: + app.kubernetes.io/instance: openclaw + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: openclaw + app.kubernetes.io/version: 2026.3.2 + helm.sh/chart: openclaw-0.1.13 + spec: + containers: + - command: + - node + - dist/index.js + - gateway + - --bind + - lan + - --port + - '18789' + env: + - name: HOME + value: /home/openclaw + - name: TZ + value: UTC + envFrom: + - secretRef: + name: openclaw-secrets + image: ghcr.io/openclaw/openclaw:2026.3.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: gateway + timeoutSeconds: 5 + name: openclaw + ports: + - containerPort: 18789 + name: gateway + protocol: TCP + - containerPort: 18793 + name: canvas + protocol: TCP + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: gateway + timeoutSeconds: 5 + resources: + limits: + cpu: 800m + memory: 2Gi + requests: + cpu: 300m + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: false + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + startupProbe: + failureThreshold: 72 + initialDelaySeconds: 5 + periodSeconds: 5 + successThreshold: 1 + tcpSocket: + port: gateway + timeoutSeconds: 5 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /home/openclaw/.openclaw + name: data + - command: + - chromium-browser + - --headless + - --disable-gpu + - --disable-software-rasterizer + - --disable-dev-shm-usage + - --no-sandbox + - --remote-debugging-address=0.0.0.0 + - --remote-debugging-port=9222 + image: zenika/alpine-chrome:124 + imagePullPolicy: IfNotPresent + name: chromium + ports: + - containerPort: 9222 + name: cdp + protocol: TCP + resources: + limits: + cpu: '1' + memory: 1Gi + requests: + cpu: 100m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /dev/shm + name: dshm + dnsPolicy: ClusterFirst + initContainers: + - command: + - /bin/sh + - -c + - "mkdir -p /home/openclaw/.openclaw\nif [ \"overwrite\" = \"merge\" ] &&\ + \ [ -f /home/openclaw/.openclaw/openclaw.json ]; then\n # Merge: existing\ + \ config as base, helm config overwrites\n node -e \"\n const fs = require('fs');\n\ + \ const existing = JSON.parse(fs.readFileSync('/home/openclaw/.openclaw/openclaw.json',\ + \ 'utf8'));\n const helm = JSON.parse(fs.readFileSync('/config/openclaw.json',\ + \ 'utf8'));\n const deepMerge = (target, source) => {\n for (const\ + \ key of Object.keys(source)) {\n if (source[key] && typeof source[key]\ + \ === 'object' && !Array.isArray(source[key])) {\n target[key]\ + \ = target[key] || {};\n deepMerge(target[key], source[key]);\n\ + \ } else {\n target[key] = source[key];\n }\n \ + \ }\n return target;\n };\n const merged = deepMerge(existing,\ + \ helm);\n fs.writeFileSync('/home/openclaw/.openclaw/openclaw.json',\ + \ JSON.stringify(merged, null, 2));\n \"\nelse\n cp /config/openclaw.json\ + \ /home/openclaw/.openclaw/openclaw.json\nfi\nchown -R 1000:1000 /home/openclaw/.openclaw\n" + image: ghcr.io/openclaw/openclaw:2026.3.2 + imagePullPolicy: IfNotPresent + name: init-config + resources: {} + securityContext: + runAsNonRoot: false + runAsUser: 0 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /home/openclaw/.openclaw + name: data + - mountPath: /config + name: config + readOnly: true + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + serviceAccount: openclaw + serviceAccountName: openclaw + terminationGracePeriodSeconds: 30 + volumes: + - configMap: + defaultMode: 420 + name: openclaw + name: config + - name: data + persistentVolumeClaim: + claimName: openclaw + - emptyDir: + medium: Memory + sizeLimit: 1Gi + name: dshm +