apiVersion: v1 kind: Namespace metadata: labels: control-plane: gateway-api-controller name: aws-application-networking-system --- apiVersion: apps/v1 kind: Deployment metadata: name: gateway-api-controller namespace: aws-application-networking-system labels: control-plane: gateway-api-controller spec: selector: matchLabels: control-plane: gateway-api-controller replicas: 2 template: metadata: annotations: kubectl.kubernetes.io/default-container: manager labels: control-plane: gateway-api-controller spec: securityContext: runAsNonRoot: true containers: - command: - /manager args: - --leader-elect image: controller:latest name: manager securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true livenessProbe: httpGet: path: /healthz port: 8081 initialDelaySeconds: 15 periodSeconds: 20 readinessProbe: httpGet: path: /readyz port: 8081 initialDelaySeconds: 5 periodSeconds: 10 env: - name: WEBHOOK_ENABLED value: "" # TODO(user): Configure the resources accordingly based on the project requirements. # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: limits: cpu: 500m memory: 128Mi requests: cpu: 10m memory: 64Mi volumeMounts: - mountPath: /etc/webhook-cert name: webhook-cert readOnly: true serviceAccountName: gateway-api-controller terminationGracePeriodSeconds: 10 volumes: - name: webhook-cert secret: defaultMode: 420 secretName: webhook-cert --- # placeholder secret so volume can mount successfully and controller can start # populated during make-deploy. Will not pass validations (no CA, expires after 1 day, wrong DNS names) apiVersion: v1 kind: Secret metadata: name: webhook-cert namespace: aws-application-networking-system type: kubernetes.io/tls data: tls.crt: Cg== tls.key: Cg==