helm/egress-azure/templates/manager.yaml (96 lines of code) (raw):

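# Deployment for the AKS egress controller manager.
# The pod runs two containers: a kube-rbac-proxy sidecar that exposes the
# metrics endpoint over HTTPS on 8443, and the manager itself (health probes
# on 8081, webhook server on 9443, metrics bound to loopback only).
# NOTE(review): the namespace below is hard-coded rather than taken from the
# Helm release; confirm that installing into another namespace is not expected.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: aks-egress-controller-manager
  namespace: aks-egress-system
  labels:
    control-plane: controller-manager
spec:
  selector:
    matchLabels:
      control-plane: controller-manager
  # Single replica; the manager is still started with --leader-elect below.
  replicas: 1
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: manager
      labels:
        control-plane: controller-manager
    spec:
      # Pod-level hardening is limited to refusing to run as root.
      # NOTE(review): no seccompProfile is set at pod or container level, and
      # neither container sets readOnlyRootFilesystem. Consider
      # `seccompProfile: {type: RuntimeDefault}` here, and confirm whether the
      # manager writes to its root filesystem before enabling the latter.
      securityContext:
        runAsNonRoot: true
      containers:
        - name: kube-rbac-proxy
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - "ALL"
          # NOTE(review): the image is pinned by tag only. A tag can be
          # re-pointed upstream; pinning as `...@sha256:<digest>` makes the
          # pulled content verifiable. Also verify that the gcr.io/kubebuilder
          # registry path is still served and maintained for this image.
          image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
          args:
            # Listens on all pod interfaces and forwards to the manager's
            # loopback-only metrics address (see --metrics-bind-address below).
            - "--secure-listen-address=0.0.0.0:8443"
            - "--upstream=http://127.0.0.1:8080/"
            - "--logtostderr=true"
            - "--v=0"
          ports:
            - containerPort: 8443
              protocol: TCP
              name: https
          resources:
            limits:
              cpu: 500m
              memory: 128Mi
            requests:
              cpu: 5m
              memory: 64Mi
        - name: manager
          # Templated values are quoted so an empty or special-character
          # expansion still renders as a valid YAML string.
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: "{{ .Values.image.pullPolicy }}"
          args:
            - "--health-probe-bind-address=:8081"
            # Metrics stay on loopback; the only path to them from outside the
            # pod is the kube-rbac-proxy listener on 8443.
            - "--metrics-bind-address=127.0.0.1:8080"
            - "--leader-elect"
          envFrom:
            - configMapRef:
                name: aks-egress-controller-config-map
            # Every key of this Secret is injected as an environment variable.
            # NOTE(review): environment variables are readable by anything
            # that can inspect the process environment and are inherited by
            # child processes; consider mounting the credentials as files or
            # selecting only the required keys.
            - secretRef:
                name: aks-egress-controller-secret
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - "ALL"
          # Both probes target the health endpoint bound on 8081 above.
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8081
            initialDelaySeconds: 15
            periodSeconds: 20
          readinessProbe:
            httpGet:
              path: /readyz
              port: 8081
            initialDelaySeconds: 5
            periodSeconds: 10
          # TODO(user): Configure the resources accordingly based on the project requirements.
          # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
          resources:
            limits:
              cpu: 500m
              memory: 128Mi
            requests:
              cpu: 10m
              memory: 64Mi
          ports:
            - containerPort: 9443
              name: webhook-server
              protocol: TCP
          volumeMounts:
            # Webhook serving certificate, mounted read-only.
            - mountPath: /tmp/k8s-webhook-server/serving-certs
              name: cert
              readOnly: true
      volumes:
        - name: cert
          secret:
            # 420 decimal is 0644 octal: the mounted files are readable by
            # every user in the container.
            # NOTE(review): this Secret is not created in this template; if it
            # carries the TLS private key, a tighter mode would need a matching
            # fsGroup or runAsUser so the non-root manager can still read it.
            defaultMode: 420
            secretName: webhook-server-cert
      serviceAccountName: aks-egress-controller-manager
      terminationGracePeriodSeconds: 10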