| Giorgi Lekveishvili | e8b2f01 | 2023-11-30 19:05:03 +0400 | [diff] [blame] | 1 | apiVersion: v1 |
| 2 | kind: Namespace |
| 3 | metadata: |
| 4 | labels: |
| 5 | control-plane: controller-manager |
| 6 | name: system |
| 7 | --- |
| 8 | apiVersion: apps/v1 |
| 9 | kind: Deployment |
| 10 | metadata: |
| 11 | name: controller-manager |
| 12 | namespace: system |
| 13 | labels: |
| 14 | control-plane: controller-manager |
| 15 | spec: |
| 16 | selector: |
| 17 | matchLabels: |
| 18 | control-plane: controller-manager |
| 19 | replicas: 1 |
| 20 | template: |
| 21 | metadata: |
| 22 | annotations: |
| 23 | kubectl.kubernetes.io/default-container: manager |
| 24 | labels: |
| 25 | control-plane: controller-manager |
| 26 | spec: |
| 27 | securityContext: |
| 28 | runAsNonRoot: true |
| 29 | # TODO(user): For common cases that do not require escalating privileges |
| 30 | # it is recommended to ensure that all your Pods/Containers are restrictive. |
| 31 | # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted |
| 32 | # Please uncomment the following code if your project does NOT have to work on old Kubernetes |
| 33 | # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ). |
| 34 | # seccompProfile: |
| 35 | # type: RuntimeDefault |
| 36 | containers: |
| 37 | - command: |
| 38 | - /manager |
| 39 | args: |
| 40 | - --leader-elect |
| 41 | image: controller:latest |
| 42 | name: manager |
| 43 | securityContext: |
| 44 | allowPrivilegeEscalation: false |
| 45 | capabilities: |
| 46 | drop: |
| 47 | - "ALL" |
| 48 | livenessProbe: |
| 49 | httpGet: |
| 50 | path: /healthz |
| 51 | port: 8081 |
| 52 | initialDelaySeconds: 15 |
| 53 | periodSeconds: 20 |
| 54 | readinessProbe: |
| 55 | httpGet: |
| 56 | path: /readyz |
| 57 | port: 8081 |
| 58 | initialDelaySeconds: 5 |
| 59 | periodSeconds: 10 |
| 60 | # TODO(user): Configure the resources accordingly based on the project requirements. |
| 61 | # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
| 62 | resources: |
| 63 | limits: |
| 64 | cpu: 500m |
| 65 | memory: 128Mi |
| 66 | requests: |
| 67 | cpu: 10m |
| 68 | memory: 64Mi |
| 69 | serviceAccountName: controller-manager |
| 70 | terminationGracePeriodSeconds: 10 |