Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / e8b2f010c0f4f3a3e459ac68596f42ee5c104682^! / . / core / ns-controller / config / manager / manager.yaml
commite8b2f010c0f4f3a3e459ac68596f42ee5c104682[log] [tgz]
authorGiorgi Lekveishvili <lekva@gl-mbp-m1-max.local>Thu Nov 30 19:05:03 2023 +0400
committerGiorgi Lekveishvili <lekva@gl-mbp-m1-max.local>Thu Nov 30 19:05:03 2023 +0400
tree1659e3879b67b801dd70928ab768814f828edcff
parent724885f1f6e7cc78bc0b00612579221687f76a09 [diff] [blame]
dns-zone-controller: with env-manager generating dnssec key and zone records

diff --git a/core/ns-controller/config/manager/manager.yaml b/core/ns-controller/config/manager/manager.yaml
new file mode 100644
index 0000000..878ad48
--- /dev/null
+++ b/core/ns-controller/config/manager/manager.yaml

@@ -0,0 +1,70 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    control-plane: controller-manager
+  name: system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+  labels:
+    control-plane: controller-manager
+spec:
+  selector:
+    matchLabels:
+      control-plane: controller-manager
+  replicas: 1
+  template:
+    metadata:
+      annotations:
+        kubectl.kubernetes.io/default-container: manager
+      labels:
+        control-plane: controller-manager
+    spec:
+      securityContext:
+        runAsNonRoot: true
+        # TODO(user): For common cases that do not require escalating privileges
+        # it is recommended to ensure that all your Pods/Containers are restrictive.
+        # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
+        # Please uncomment the following code if your project does NOT have to work on old Kubernetes
+        # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
+        # seccompProfile:
+        #   type: RuntimeDefault
+      containers:
+      - command:
+        - /manager
+        args:
+        - --leader-elect
+        image: controller:latest
+        name: manager
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+              - "ALL"
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 8081
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        # TODO(user): Configure the resources accordingly based on the project requirements.
+        # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+        resources:
+          limits:
+            cpu: 500m
+            memory: 128Mi
+          requests:
+            cpu: 10m
+            memory: 64Mi
+      serviceAccountName: controller-manager
+      terminationGracePeriodSeconds: 10