xappKubernetesOperator/config/default/manager_auth_proxy_patch.yaml

   1 # This patch inject a sidecar container which is a HTTP proxy for the
   2 # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
   3 apiVersion: apps/v1
   4 kind: Deployment
   5 metadata:
   6   name: controller-manager
   7   namespace: system
   8 spec:
   9   template:
  10     spec:
  11       containers:
  12       - name: kube-rbac-proxy
  13         securityContext:
  14           allowPrivilegeEscalation: false
  15           capabilities:
  16             drop:
  17               - "ALL"
  18         image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1
  19         args:
  20         - "--secure-listen-address=0.0.0.0:8443"
  21         - "--upstream=http://127.0.0.1:8080/"
  22         - "--logtostderr=true"
  23         - "--v=0"
  24         ports:
  25         - containerPort: 8443
  26           protocol: TCP
  27           name: https
  28         resources:
  29           limits:
  30             cpu: 500m
  31             memory: 128Mi
  32           requests:
  33             cpu: 5m
  34             memory: 64Mi
  35       - name: manager
  36         args:
  37         - "--health-probe-bind-address=:8081"
  38         - "--metrics-bind-address=127.0.0.1:8080"
  39         - "--leader-elect"