github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/config/default/manager_auth_proxy_patch.yaml (about) 1 # This patch inject a sidecar container which is a HTTP proxy for the 2 # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 3 apiVersion: apps/v1 4 kind: Deployment 5 metadata: 6 name: controller-manager 7 namespace: system 8 spec: 9 template: 10 spec: 11 containers: 12 - name: kube-rbac-proxy 13 securityContext: 14 allowPrivilegeEscalation: false 15 capabilities: 16 drop: 17 - "ALL" 18 image: gcr.io/kubebuilder/kube-rbac-proxy:v0.12.0 19 args: 20 - "--secure-listen-address=0.0.0.0:8443" 21 - "--upstream=http://127.0.0.1:8080/" 22 - "--logtostderr=true" 23 - "--v=0" 24 ports: 25 - containerPort: 8443 26 protocol: TCP 27 name: https 28 resources: 29 limits: 30 cpu: 500m 31 memory: 128Mi 32 requests: 33 cpu: 5m 34 memory: 64Mi 35 - name: manager 36 args: 37 - "--health-probe-bind-address=:8081" 38 - "--metrics-bind-address=127.0.0.1:8080" 39 - "--leader-elect"