github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/config/default/manager_auth_proxy_patch.yaml

github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/config/default/manager_auth_proxy_patch.yaml (about)

     1  # This patch inject a sidecar container which is a HTTP proxy for the
     2  # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
     3  apiVersion: apps/v1
     4  kind: Deployment
     5  metadata:
     6    name: controller-manager
     7    namespace: system
     8  spec:
     9    template:
    10      spec:
    11        containers:
    12        - name: kube-rbac-proxy
    13          securityContext:
    14            allowPrivilegeEscalation: false
    15            capabilities:
    16              drop:
    17                - "ALL"
    18          image: gcr.io/kubebuilder/kube-rbac-proxy:v0.12.0
    19          args:
    20          - "--secure-listen-address=0.0.0.0:8443"
    21          - "--upstream=http://127.0.0.1:8080/"
    22          - "--logtostderr=true"
    23          - "--v=0"
    24          ports:
    25          - containerPort: 8443
    26            protocol: TCP
    27            name: https
    28          resources:
    29            limits:
    30              cpu: 500m
    31              memory: 128Mi
    32            requests:
    33              cpu: 5m
    34              memory: 64Mi
    35        - name: manager
    36          args:
    37          - "--health-probe-bind-address=:8081"
    38          - "--metrics-bind-address=127.0.0.1:8080"
    39          - "--leader-elect"