Página inicial Explorar Ajuda
Registrar Entrar
wan
/
nodb
1
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Tree: 8dc6f98d29
Branches Tags
nodb
/
config
/
default
/
manager_auth_proxy_patch.yaml

manager_auth_proxy_patch.yaml 1.1 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839 
  1. # This patch inject a sidecar container which is a HTTP proxy for the
    2. 

  2. # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
    3. 

  3. apiVersion: apps/v1
    4. 

  4. kind: Deployment
    5. 

  5. metadata:
    6. 

  6.   name: controller-manager
    7. 

  7.   namespace: system
    8. 

  8. spec:
    9. 

  9.   template:
    10. 

  10.     spec:
    11. 

  11.       containers:
    12. 

  12.       - name: kube-rbac-proxy
    13. 

  13.         securityContext:
    14. 

  14.           allowPrivilegeEscalation: false
    15. 

  15.           capabilities:
    16. 

  16.             drop:
    17. 

  17.               - "ALL"
    18. 

  18.         image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1
    19. 

  19.         args:
    20. 

  20.         - "--secure-listen-address=0.0.0.0:8443"
    21. 

  21.         - "--upstream=http://127.0.0.1:8080/"
    22. 

  22.         - "--logtostderr=true"
    23. 

  23.         - "--v=0"
    24. 

  24.         ports:
    25. 

  25.         - containerPort: 8443
    26. 

  26.           protocol: TCP
    27. 

  27.           name: https
    28. 

  28.         resources:
    29. 

  29.           limits:
    30. 

  30.             cpu: 500m
    31. 

  31.             memory: 128Mi
    32. 

  32.           requests:
    33. 

  33.             cpu: 5m
    34. 

  34.             memory: 64Mi
    35. 

  35.       - name: manager
    36. 

  36.         args:
    37. 

  37.         - "--health-probe-bind-address=:8081"
    38. 

  38.         - "--metrics-bind-address=127.0.0.1:8080"
    39. 

  39.         - "--leader-elect"
    40.