apiVersion: apps/v1
kind: Deployment
metadata:
  name: openclaw
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: openclaw
  template:
    metadata:
      labels:
        app: openclaw
    spec:
      volumes:
      - name: data
        hostPath:
          path: /data/openclaw
          type: ""
      - name: projects
        hostPath:
          path: /data/code-server/coder
          type: DirectoryOrCreate
      - name: tmp
        emptyDir: {}
      containers:
      - name: openclaw
        # ghcr.io/openclaw/openclaw:2026.5.7-slim
        image: openclaw-image
        env:
        - name: PATH
          value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/node/.local/bin
        envFrom:
        - secretRef:
            name: openclaw
            optional: true
        resources:
          limits:
            memory: "4Gi"
            cpu: "2"
          requests:
            memory: "128Mi"
            cpu: "500m"
        command:
        - node
        - /app/dist/index.js
        - gateway
        - run
        volumeMounts:
        - name: data
          mountPath: /home/node
        - name: projects
          mountPath: /home/node/.openclaw/workspace/Projects
        - name: tmp
          mountPath: /tmp
        livenessProbe:
          httpGet:
            path: /healthz
            port: 18789
            scheme: HTTP
          initialDelaySeconds: 60
          periodSeconds: 30
          timeoutSeconds: 10
          failureThreshold: 3
        readinessProbe:
          httpGet:
            path: /readyz
            port: 18789
            scheme: HTTP
          initialDelaySeconds: 15
          periodSeconds: 10
          timeoutSeconds: 5
        securityContext:
          runAsNonRoot: true
          runAsUser: 1000
          runAsGroup: 1000
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop:
              - ALL