---
# config/manager/manager.yaml (sigs.k8s.io/cluster-api-provider-azure v1.17.0)
#
# Deployment for the CAPZ controller manager: one replica running a single
# "manager" container with leader election, a health endpoint on 9440 and a
# diagnostics/metrics endpoint on 8443.
#
# NOTE(review): the "${VAR:=default}" placeholders in the args are not YAML
# syntax. They are plain strings here and are presumably substituted on the raw
# text before the manifest is applied, so a substituted value can change what
# the parser sees; confirm which tool renders this file.
apiVersion: apps/v1
kind: Deployment
metadata:
  # NOTE(review): "controller-manager" / "system" look like base values that an
  # overlay rewrites (name prefix, namespace); confirm against the kustomization.
  name: controller-manager
  namespace: system
  labels:
    control-plane: capz-controller-manager

spec:
  replicas: 1
  selector:
    matchLabels:
      control-plane: capz-controller-manager
  template:
    metadata:
      labels:
        control-plane: capz-controller-manager
        # Opt-in label for Azure AD Workload Identity. Label values are
        # strings, so the quotes are required (a bare true would be a boolean).
        azure.workload.identity/use: 'true'
      annotations:
        kubectl.kubernetes.io/default-container: manager
    spec:
      serviceAccountName: manager
      # Pod-level hardening: refuse to run as UID 0 and apply the container
      # runtime's default seccomp profile to every container in the pod.
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      terminationGracePeriodSeconds: 10
      # Tolerate both the legacy "master" and the current "control-plane"
      # NoSchedule taints so the pod may be scheduled on control-plane nodes.
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
        - key: node-role.kubernetes.io/control-plane
          effect: NoSchedule
      containers:
        - name: manager
          # NOTE(review): "controller:latest" with pull policy Always runs
          # whatever the registry serves at pod start. This looks like a
          # placeholder; verify the rendered manifest pins a release tag or
          # digest.
          image: controller:latest
          imagePullPolicy: Always
          args:
            - '--leader-elect'
            # Defaults to :8443, the containerPort named "metrics" below.
            - "--diagnostics-address=${CAPZ_DIAGNOSTICS_ADDRESS:=:8443}"
            # Defaults to false. NOTE(review): going by the flag name, true
            # serves diagnostics in an insecure mode; treat any override of
            # CAPZ_INSECURE_DIAGNOSTICS as a change that needs review.
            - "--insecure-diagnostics=${CAPZ_INSECURE_DIAGNOSTICS:=false}"
            # Gate defaults: MachinePool, AKSResourceHealth and EdgeZone are
            # off, ASOAPI is on.
            - "--feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},AKSResourceHealth=${EXP_AKS_RESOURCE_HEALTH:=false},EdgeZone=${EXP_EDGEZONE:=false},ASOAPI=${EXP_ASO_API:=true}"
            - '--v=0'
          # Pod identity is passed in through the downward API.
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - name: healthz
              containerPort: 9440
              protocol: TCP
            - name: metrics
              containerPort: 8443
              protocol: TCP
          # Both probes use the "healthz" port (9440), not the diagnostics port.
          readinessProbe:
            httpGet:
              path: /readyz
              port: healthz
            initialDelaySeconds: 10
            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /healthz
              port: healthz
            initialDelaySeconds: 10
            periodSeconds: 10
          volumeMounts:
            # Federated identity token, mounted read-only.
            - name: azure-identity-token
              mountPath: /var/run/secrets/azure/tokens
              readOnly: true
          # Container-level hardening: no privilege escalation, all Linux
          # capabilities dropped, fixed non-root UID/GID.
          # NOTE(review): readOnlyRootFilesystem and resource requests/limits
          # are not set in this manifest; confirm whether an overlay adds them
          # or the controller needs a writable root filesystem.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            runAsUser: 65532
            runAsGroup: 65532
      volumes:
        - name: azure-identity-token
          projected:
            # 420 decimal is file mode 0644.
            defaultMode: 420
            sources:
              # Service account token bound to the Azure AD token-exchange
              # audience and limited to one hour, so a leaked token is only
              # accepted for that audience and expires quickly.
              - serviceAccountToken:
                  audience: api://AzureADTokenExchange
                  expirationSeconds: 3600
                  path: azure-identity-token