---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: background-controller
    app.kubernetes.io/instance: kyverno
    app.kubernetes.io/part-of: kyverno
    app.kubernetes.io/version: 3.4.1
  name: kyverno-background-controller
  namespace: kyverno
spec:
  replicas: null
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/component: background-controller
      app.kubernetes.io/instance: kyverno
      app.kubernetes.io/part-of: kyverno
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 40%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.kubernetes.io/component: background-controller
        app.kubernetes.io/instance: kyverno
        app.kubernetes.io/part-of: kyverno
        app.kubernetes.io/version: 3.4.1
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app.kubernetes.io/component
                      operator: In
                      values:
                        - background-controller
                topologyKey: kubernetes.io/hostname
              weight: 1
      containers:
        - args:
            - --disableMetrics=false
            - --otelConfig=prometheus
            - --metricsPort=8000
            - --resyncPeriod=15m
            - --enableConfigMapCaching=true
            - --enableDeferredLoading=true
            - --maxAPICallResponseLength=2000000
            - --loggingFormat=text
            - --v=2
            - --omitEvents=PolicyApplied,PolicySkipped
            - --enablePolicyException=false
            - --enableReporting=validate,mutate,mutateExisting,imageVerify,generate
          env:
            - name: KYVERNO_SERVICEACCOUNT_NAME
              value: kyverno-background-controller
            - name: KYVERNO_DEPLOYMENT
              value: kyverno-background-controller
            - name: INIT_CONFIG
              value: kyverno
            - name: METRICS_CONFIG
              value: kyverno-metrics
            - name: KYVERNO_POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: KYVERNO_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          image: ghcr.io/kyverno/background-controller:v1.14.1
          imagePullPolicy: IfNotPresent
          name: controller
          ports:
            - containerPort: 9443
              name: https
              protocol: TCP
            - containerPort: 8000
              name: metrics
              protocol: TCP
          resources:
            limits:
              memory: 128Mi
            requests:
              cpu: 100m
              memory: 64Mi
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            privileged: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
      dnsPolicy: ClusterFirst
      serviceAccountName: kyverno-background-controller