metadata:
  annotations:
    io.kubernetes.cri-o.TrySkipVolumeSELinuxLabel: 'true'
spec:
  containers:
  - name: build
    image: git.pyrocufflink.net/containerimages/buildroot
    resources:
      limits: &resources
        cpu: 6
        memory: 12Gi
      requests: *resources
    volumeMounts:
    - mountPath: /etc/ssh/ssh_known_hosts
      name: ssh-known-hosts
      subPath: ssh_known_hosts
  securityContext:
    fsGroupChangePolicy: OnRootMismatch
    seLinuxOptions:
      level: s0:c596,c675
  volumes:
  - name: ssh-known-hosts
    configMap:
      name: ssh-known-hosts