github.com/redhat-appstudio/release-service@v0.0.0-20240507143925-083712697924/config/default/manager_auth_proxy_patch.yaml (about) 1 # This patch inject a sidecar container which is a HTTP proxy for the 2 # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 3 apiVersion: apps/v1 4 kind: Deployment 5 metadata: 6 name: controller-manager 7 namespace: system 8 spec: 9 template: 10 spec: 11 containers: 12 - name: kube-rbac-proxy 13 image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0 14 args: 15 - "--secure-listen-address=0.0.0.0:8443" 16 - "--upstream=http://127.0.0.1:8080/" 17 - "--logtostderr=true" 18 - "--http2-disable" 19 - "--v=0" 20 ports: 21 - containerPort: 8443 22 protocol: TCP 23 name: https 24 resources: 25 limits: 26 cpu: 500m 27 memory: 128Mi 28 requests: 29 cpu: 5m 30 memory: 64Mi 31 securityContext: 32 readOnlyRootFilesystem: true 33 - name: manager 34 args: 35 - "--health-probe-bind-address=:8081" 36 - "--metrics-bind-address=127.0.0.1:8080" 37 - "--leader-elect"