github.com/kotalco/kotal@v0.3.0/config/default/manager_auth_proxy_patch.yaml

github.com/kotalco/kotal@v0.3.0/config/default/manager_auth_proxy_patch.yaml (about)

     1  # This patch inject a sidecar container which is a HTTP proxy for the
     2  # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
     3  apiVersion: apps/v1
     4  kind: Deployment
     5  metadata:
     6    name: controller-manager
     7    namespace: system
     8  spec:
     9    template:
    10      spec:
    11        containers:
    12          - name: kube-rbac-proxy
    13            image: gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0
    14            args:
    15              - "--secure-listen-address=0.0.0.0:8443"
    16              - "--upstream=http://127.0.0.1:8080/"
    17              - "--logtostderr=true"
    18              - "--v=0"
    19            ports:
    20              - containerPort: 8443
    21                protocol: TCP
    22                name: https
    23            resources:
    24              limits:
    25                cpu: 500m
    26                memory: 128Mi
    27              requests:
    28                cpu: 5m
    29                memory: 64Mi
    30          - name: manager
    31            args:
    32              - "--health-probe-bind-address=:8081"
    33              - "--metrics-bind-address=127.0.0.1:8080"
    34              - "--leader-elect"