1# This patch inject a sidecar container which is a HTTP proxy for the
2# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
3apiVersion: apps/v1
4kind: Deployment
5metadata:
6 name: controller-manager
7 namespace: system
8spec:
9 template:
10 spec:
11 containers:
12 - name: kube-rbac-proxy
13 image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
14 args:
15 - "--secure-listen-address=0.0.0.0:8443"
16 - "--upstream=http://127.0.0.1:8080/"
17 - "--logtostderr=true"
18 - "--v=10"
19 ports:
20 - containerPort: 8443
21 name: https
22 - name: manager
23 imagePullPolicy: IfNotPresent
24 args:
25 - "--health-probe-bind-address=:8081"
26 - "--metrics-bind-address=127.0.0.1:8080"
27 - "--leader-elect"
View as plain text