mirror of
https://github.com/ansible/awx-operator.git
synced 2026-03-26 21:33:14 +00:00
7d2d1b3c5e
* Upgrade to Operator SDK 1.16.0 * Upgrade Operator SDK to v1.22.2 & bump base image version
42 lines
1.2 KiB
YAML
42 lines
1.2 KiB
YAML
# This patch inject a sidecar container which is a HTTP proxy for the
|
|
# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: controller-manager
|
|
namespace: system
|
|
spec:
|
|
template:
|
|
spec:
|
|
containers:
|
|
- name: kube-rbac-proxy
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
# TODO(user): uncomment for common cases that do not require escalating privileges
|
|
# capabilities:
|
|
# drop:
|
|
# - "ALL"
|
|
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0
|
|
args:
|
|
- "--secure-listen-address=0.0.0.0:8443"
|
|
- "--upstream=http://127.0.0.1:8080/"
|
|
- "--logtostderr=true"
|
|
- "--v=0"
|
|
ports:
|
|
- containerPort: 8443
|
|
protocol: TCP
|
|
name: https
|
|
resources:
|
|
limits:
|
|
cpu: 500m
|
|
memory: 128Mi
|
|
requests:
|
|
cpu: 5m
|
|
memory: 64Mi
|
|
- name: awx-manager
|
|
args:
|
|
- "--health-probe-bind-address=:6789"
|
|
- "--metrics-bind-address=127.0.0.1:8080"
|
|
- "--leader-elect"
|
|
- "--leader-election-id=awx-operator"
|