apiVersion: apps/v1 kind: Deployment metadata: name: controller-manager namespace: system spec: template: spec: containers: - name: manager ports: - containerPort: 9443 name: webhook-server protocol: TCP volumeMounts: - mountPath: /var/run/secrets/tokens name: azure-identity readOnly: true - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true volumes: - name: cert secret: defaultMode: 420 secretName: webhook-server-cert - name: azure-identity projected: defaultMode: 420 sources: - serviceAccountToken: audience: api://AzureADTokenExchange expirationSeconds: 3600 path: azure-identity