github.com/metaprov/modela-operator@v0.0.0-20240118193048-f378be8b74d2/config/default/manager_auth_proxy_patch.yaml (about) 1 # This patch inject a sidecar container which is a HTTP proxy for the 2 # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 3 apiVersion: apps/v1 4 kind: Deployment 5 metadata: 6 name: controller-manager 7 namespace: system 8 spec: 9 template: 10 spec: 11 containers: 12 - name: kube-rbac-proxy 13 securityContext: 14 allowPrivilegeEscalation: false 15 # TODO(user): uncomment for common cases that do not require escalating privileges 16 # capabilities: 17 # drop: 18 # - "ALL" 19 image: gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0 20 args: 21 - "--secure-listen-address=0.0.0.0:8443" 22 - "--upstream=http://127.0.0.1:8080/" 23 - "--logtostderr=true" 24 - "--v=0" 25 ports: 26 - containerPort: 8443 27 protocol: TCP 28 name: https 29 resources: 30 limits: 31 cpu: 500m 32 memory: 128Mi 33 requests: 34 cpu: 5m 35 memory: 64Mi 36 - name: manager 37 args: 38 - "--health-probe-bind-address=:8081" 39 - "--metrics-bind-address=127.0.0.1:8080" 40 - "--leader-elect"