spec:
  containers:
  - name: buildah
    image: quay.io/containers/buildah:v1
    command:
    - sh
    - -c
    - |
      trap 'kill $!; exit' TERM
      sleep infinity &
      wait
    securityContext:
      runAsUser: 1000
      runAsGroup: 1000
      readOnlyRootFilesystem: true
    resources:
      limits:
        github.com/fuse: 1
        cpu: 6
        memory: 8G
      requests:
        cpu: 6
        memory: 8G
    volumeMounts:
    - mountPath: /home/build
      name: tmp
      subPath: home
    - mountPath: /home/build/.local/share/containers
      name: data
      subPath: containers
    - mountPath: /tmp
      name: tmp
      subPath: tmp
    - mountPath: /var/tmp
      name: data
      subPath: tmp
  tolerations:
  - key: du5t1n.me/jenkins
  volumes:
  - name: data
    ephemeral:
      volumeClaimTemplate:
        spec:
          accessModes:
          - ReadWriteOnce
          resources:
            requests:
              storage: 16Gi
  - name: tmp
    emptyDir:
      medium: Memory