...
1# Copyright 2022 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: v1
16kind: ServiceAccount
17metadata:
18 name: controller-manager
19---
20apiVersion: v1
21kind: Service
22metadata:
23 name: manager
24 labels:
25 cnrm.cloud.google.com/monitored: "true"
26 annotations:
27 prometheus.io/scrape: 'true'
28 prometheus.io/port: '8888'
29spec:
30 selector:
31 cnrm.cloud.google.com/component: cnrm-controller-manager
32 ports:
33 - port: 443
34 name: controller-manager
35 - port: 8888
36 name: metrics
37---
38apiVersion: apps/v1
39kind: StatefulSet
40metadata:
41 name: controller-manager
42 labels:
43 cnrm.cloud.google.com/component: cnrm-controller-manager
44spec:
45 selector:
46 matchLabels:
47 cnrm.cloud.google.com/component: cnrm-controller-manager
48 serviceName: manager
49 template:
50 metadata:
51 labels:
52 cnrm.cloud.google.com/component: cnrm-controller-manager
53 spec:
54 serviceAccountName: controller-manager
55 containers:
56 - command:
57 - /configconnector/manager
58 args: ["--prometheus-scrape-endpoint=:8888"]
59 image: controller:latest
60 imagePullPolicy: Always
61 name: manager
62 ports:
63 # Port used for readiness probe
64 - containerPort: 23232
65 resources:
66 limits:
67 memory: 512Mi
68 requests:
69 # This value was tuned to run on a GKE cluster with
70 # default node settings. Increasing this value may
71 # result in a backwards-incompatible change that breaks
72 # add-on updates by not allowing new versions to schedule themselves.
73 cpu: 100m
74 memory: 512Mi
75 securityContext:
76 privileged: false
77 runAsUser: 1000
78 runAsNonRoot: true
79 allowPrivilegeEscalation: false
80 readinessProbe:
81 httpGet:
82 path: /ready
83 port: 23232
84 initialDelaySeconds: 7
85 periodSeconds: 3
86 enableServiceLinks: false
87 terminationGracePeriodSeconds: 10
View as plain text