1 # This patch inject a sidecar container which is a HTTP proxy for the
2 # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
6 name: controller-manager
12 - name: kube-rbac-proxy
14 allowPrivilegeEscalation: false
18 image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1
20 - "--secure-listen-address=0.0.0.0:8443"
21 - "--upstream=http://127.0.0.1:8080/"
22 - "--logtostderr=true"
37 - "--health-probe-bind-address=:8081"
38 - "--metrics-bind-address=127.0.0.1:8080"