mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-23 14:39:40 -05:00
51cf638361
Signed-off-by: Malte Poll <mp@edgeless.systems>
92 lines
2.3 KiB
YAML
92 lines
2.3 KiB
YAML
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
labels:
|
|
control-plane: controller-manager
|
|
name: system
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: controller-manager
|
|
namespace: system
|
|
labels:
|
|
control-plane: controller-manager
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
control-plane: controller-manager
|
|
replicas: 1
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
kubectl.kubernetes.io/default-container: manager
|
|
labels:
|
|
control-plane: controller-manager
|
|
spec:
|
|
securityContext:
|
|
runAsUser: 0 # required to read etcd certs and keys from /etc/kubernetes/pki
|
|
containers:
|
|
- command:
|
|
- /manager
|
|
args:
|
|
- --leader-elect
|
|
image: controller:latest
|
|
name: manager
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: 8081
|
|
initialDelaySeconds: 15
|
|
periodSeconds: 20
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /readyz
|
|
port: 8081
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
volumeMounts:
|
|
- mountPath: /etc/kubernetes/pki/etcd
|
|
name: etcd-certs
|
|
- mountPath: /etc/azure
|
|
name: azureconfig
|
|
readOnly: true
|
|
- mountPath: /etc/gce
|
|
name: gceconf
|
|
readOnly: true
|
|
resources:
|
|
limits:
|
|
cpu: 500m
|
|
memory: 128Mi
|
|
requests:
|
|
cpu: 10m
|
|
memory: 64Mi
|
|
volumes:
|
|
- name: etcd-certs
|
|
hostPath:
|
|
path: /etc/kubernetes/pki/etcd
|
|
type: Directory
|
|
- name: azureconfig
|
|
secret:
|
|
secretName: azureconfig
|
|
optional: true
|
|
- name: gceconf
|
|
configMap:
|
|
name: gceconf
|
|
optional: true
|
|
nodeSelector:
|
|
node-role.kubernetes.io/control-plane: ""
|
|
imagePullSecrets:
|
|
- name: constellation-pull # workaround until https://github.com/operator-framework/operator-lifecycle-manager/issues/2682 is fixed
|
|
tolerations:
|
|
- effect: NoSchedule
|
|
key: node-role.kubernetes.io/control-plane
|
|
operator: Exists
|
|
- effect: NoSchedule
|
|
key: node-role.kubernetes.io/master
|
|
operator: Exists
|
|
serviceAccountName: controller-manager
|
|
terminationGracePeriodSeconds: 10
|