apiVersion: apps/v1 kind: Deployment metadata: name: openclaw spec: strategy: type: Recreate selector: matchLabels: app: openclaw template: metadata: labels: app: openclaw spec: volumes: - name: data hostPath: path: /data/openclaw - name: tools hostPath: path: /data/openclaw/tools - name: projects hostPath: path: /data/code-server/coder type: DirectoryOrCreate - name: tmp emptyDir: {} containers: - name: openclaw # ghcr.io/openclaw/openclaw:2026.5.7-slim image: openclaw-image env: - name: PATH value: /home/node/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin resources: limits: memory: "4Gi" cpu: "2" requests: memory: "128Mi" cpu: "500m" command: - node - /app/dist/index.js - gateway - run volumeMounts: - mountPath: /home/node/.openclaw name: data - mountPath: /home/node/.openclaw/workspace/Projects name: projects - mountPath: /home/node/.local name: tools - mountPath: /tmp name: tmp livenessProbe: exec: command: - node - -e - "require('http').get('http://127.0.0.1:18789/healthz', r => process.exit(r.statusCode < 400 ? 0 : 1)).on('error', () => process.exit(1))" initialDelaySeconds: 60 periodSeconds: 30 timeoutSeconds: 10 readinessProbe: exec: command: - node - -e - "require('http').get('http://127.0.0.1:18789/readyz', r => process.exit(r.statusCode < 400 ? 0 : 1)).on('error', () => process.exit(1))" initialDelaySeconds: 15 periodSeconds: 10 timeoutSeconds: 5 securityContext: runAsNonRoot: true runAsUser: 1000 runAsGroup: 1000 allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: drop: - ALL