github.com/argoproj-labs/argocd-operator@v0.10.0/config/default/manager_auth_proxy_patch.yaml

github.com/argoproj-labs/argocd-operator@v0.10.0/config/default/manager_auth_proxy_patch.yaml (about)

     1  # This patch inject a sidecar container which is a HTTP proxy for the
     2  # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
     3  apiVersion: apps/v1
     4  kind: Deployment
     5  metadata:
     6    name: controller-manager
     7    namespace: system
     8  spec:
     9    template:
    10      spec:
    11        containers:
    12        - name: kube-rbac-proxy
    13          image: gcr.io/kubebuilder/kube-rbac-proxy@sha256:db06cc4c084dd0253134f156dddaaf53ef1c3fb3cc809e5d81711baa4029ea4c
    14          args:
    15          - "--secure-listen-address=0.0.0.0:8443"
    16          - "--upstream=http://127.0.0.1:8080/"
    17          - "--logtostderr=true"
    18          - "--v=10"
    19          ports:
    20          - containerPort: 8443
    21            name: https
    22        - name: manager
    23          args:
    24          - "--health-probe-bind-address=:8081"
    25          - "--metrics-bind-address=127.0.0.1:8080"
    26          - "--leader-elect"
    27          securityContext:
    28            capabilities:
    29              drop:
    30              - ALL
    31            allowPrivilegeEscalation: false
    32            readOnlyRootFilesystem: true 
    33            runAsNonRoot: true