탐색 도움말
로그인
k8s.io
/
cronjob
2
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
트리: b227b183e3
브랜치 태그
cronjob
/
config
/
default
/
manager_auth_proxy_patch.yaml

manager_auth_proxy_patch.yaml 1.6 KB
히스토리 Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455 
  1. # This patch inject a sidecar container which is a HTTP proxy for the
    2. 

  2. # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
    3. 

  3. apiVersion: apps/v1
    4. 

  4. kind: Deployment
    5. 

  5. metadata:
    6. 

  6.   name: controller-manager
    7. 

  7.   namespace: system
    8. 

  8. spec:
    9. 

  9.   template:
    10. 

  10.     spec:
    11. 

  11.       affinity:
    12. 

  12.         nodeAffinity:
    13. 

  13.           requiredDuringSchedulingIgnoredDuringExecution:
    14. 

  14.             nodeSelectorTerms:
    15. 

  15.               - matchExpressions:
    16. 

  16.                 - key: kubernetes.io/arch
    17. 

  17.                   operator: In
    18. 

  18.                   values:
    19. 

  19.                     - amd64
    20. 

  20.                     - arm64
    21. 

  21.                     - ppc64le
    22. 

  22.                     - s390x
    23. 

  23.                 - key: kubernetes.io/os
    24. 

  24.                   operator: In
    25. 

  25.                   values:
    26. 

  26.                     - linux
    27. 

  27.       containers:
    28. 

  28.       - name: kube-rbac-proxy
    29. 

  29.         securityContext:
    30. 

  30.           allowPrivilegeEscalation: false
    31. 

  31.           capabilities:
    32. 

  32.             drop:
    33. 

  33.               - "ALL"
    34. 

  34.         image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1
    35. 

  35.         args:
    36. 

  36.         - "--secure-listen-address=0.0.0.0:8443"
    37. 

  37.         - "--upstream=http://127.0.0.1:8080/"
    38. 

  38.         - "--logtostderr=true"
    39. 

  39.         - "--v=0"
    40. 

  40.         ports:
    41. 

  41.         - containerPort: 8443
    42. 

  42.           protocol: TCP
    43. 

  43.           name: https
    44. 

  44.         resources:
    45. 

  45.           limits:
    46. 

  46.             cpu: 500m
    47. 

  47.             memory: 128Mi
    48. 

  48.           requests:
    49. 

  49.             cpu: 5m
    50. 

  50.             memory: 64Mi
    51. 

  51.       - name: manager
    52. 

  52.         args:
    53. 

  53.         - "--health-probe-bind-address=:8081"
    54. 

  54.         - "--metrics-bind-address=127.0.0.1:8080"
    55. 

  55.         - "--leader-elect"
    56.