clusterforge/kaiwo/Deployment_kaiwo-controller-manager.yaml

---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/name: kaiwo
    control-plane: kaiwo-controller-manager
  name: kaiwo-controller-manager
  namespace: kaiwo-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: kaiwo
      control-plane: kaiwo-controller-manager
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: manager
      labels:
        app.kubernetes.io/name: kaiwo
        control-plane: kaiwo-controller-manager
    spec:
      containers:
        - args:
            - --metrics-bind-address=:8443
            - --leader-elect
            - --health-probe-bind-address=:8081
            - --metrics-cert-path=/tmp/k8s-metrics-server/metrics-certs
            - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs
          command:
            - /manager
          env:
            - name: DEFAULT_KAIWO_QUEUE_CONFIG_NAME
              value: kaiwo
            - name: DEFAULT_CLUSTER_QUEUE_NAME
              value: kaiwo
            - name: RESOURCE_MONITORING_ENABLED
              value: "false"
            - name: RESOURCE_MONITORING_POLLING_INTERVAL
              value: 15s
            - name: RESOURCE_MONITORING_PROMETHEUS_ENDPOINT
              value: http://prometheus-k8s.monitoring.svc.cluster.local:9090
          image: ghcr.io/silogen/kaiwo-operator:v0.1.9
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8081
            initialDelaySeconds: 15
            periodSeconds: 20
          name: manager
          ports:
            - containerPort: 9443
              name: webhook-server
              protocol: TCP
          readinessProbe:
            httpGet:
              path: /readyz
              port: 8081
            initialDelaySeconds: 5
            periodSeconds: 10
          resources:
            limits:
              memory: 4Gi
            requests:
              cpu: 500m
              memory: 1Gi
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          volumeMounts:
            - mountPath: /tmp/k8s-metrics-server/metrics-certs
              name: metrics-certs
              readOnly: true
            - mountPath: /tmp/k8s-webhook-server/serving-certs
              name: webhook-certs
              readOnly: true
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      serviceAccountName: kaiwo-controller-manager
      terminationGracePeriodSeconds: 10
      volumes:
        - name: metrics-certs
          secret:
            items:
              - key: ca.crt
                path: ca.crt
              - key: tls.crt
                path: tls.crt
              - key: tls.key
                path: tls.key
            optional: false
            secretName: metrics-server-cert
        - name: webhook-certs
          secret:
            secretName: webhook-server-cert