64 lines
2.0 KiB
YAML
64 lines
2.0 KiB
YAML
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: external-secrets
|
|
app.kubernetes.io/name: external-secrets-cert-controller
|
|
app.kubernetes.io/version: v0.15.1
|
|
name: external-secrets-cert-controller
|
|
namespace: external-secrets
|
|
spec:
|
|
replicas: 1
|
|
revisionHistoryLimit: 10
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/instance: external-secrets
|
|
app.kubernetes.io/name: external-secrets-cert-controller
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: external-secrets
|
|
app.kubernetes.io/name: external-secrets-cert-controller
|
|
app.kubernetes.io/version: v0.15.1
|
|
spec:
|
|
automountServiceAccountToken: true
|
|
containers:
|
|
- args:
|
|
- certcontroller
|
|
- --crd-requeue-interval=5m
|
|
- --service-name=external-secrets-webhook
|
|
- --service-namespace=external-secrets
|
|
- --secret-name=external-secrets-webhook
|
|
- --secret-namespace=external-secrets
|
|
- --metrics-addr=:8080
|
|
- --healthz-addr=:8081
|
|
- --loglevel=info
|
|
- --zap-time-encoding=epoch
|
|
- --enable-partial-cache=true
|
|
image: oci.external-secrets.io/external-secrets/external-secrets:v0.15.1
|
|
imagePullPolicy: IfNotPresent
|
|
name: cert-controller
|
|
ports:
|
|
- containerPort: 8080
|
|
name: metrics
|
|
protocol: TCP
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /readyz
|
|
port: 8081
|
|
initialDelaySeconds: 20
|
|
periodSeconds: 5
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
hostNetwork: false
|
|
serviceAccountName: external-secrets-cert-controller
|