apiVersion: apps/v1 kind: Deployment metadata: name: controller-manager namespace: system spec: template: spec: nodeSelector: "kubernetes.io/os": linux containers: # Change the value of image field below to your controller image URL - image: localhost:5000/azureserviceoperator:latest name: manager env: - name: GOMEMLIMIT value: 400MiB # This should be set to ~80-90% of the hard memory limit on the pod - name: AZURE_CLIENT_ID valueFrom: secretKeyRef: name: aso-controller-settings key: AZURE_CLIENT_ID - name: AZURE_CLIENT_SECRET valueFrom: secretKeyRef: name: aso-controller-settings key: AZURE_CLIENT_SECRET optional: true - name: AZURE_TENANT_ID valueFrom: secretKeyRef: name: aso-controller-settings key: AZURE_TENANT_ID - name: AZURE_ADDITIONAL_TENANTS valueFrom: secretKeyRef: name: aso-controller-settings key: AZURE_ADDITIONAL_TENANTS optional: true - name: AZURE_USER_ASSIGNED_IDENTITY_CREDENTIALS valueFrom: secretKeyRef: name: aso-controller-settings key: AZURE_USER_ASSIGNED_IDENTITY_CREDENTIALS optional: true - name: AZURE_SUBSCRIPTION_ID valueFrom: secretKeyRef: name: aso-controller-settings key: AZURE_SUBSCRIPTION_ID - name: AZURE_CLIENT_CERTIFICATE valueFrom: secretKeyRef: name: aso-controller-settings key: AZURE_CLIENT_CERTIFICATE optional: true - name: AZURE_CLIENT_CERTIFICATE_PASSWORD valueFrom: secretKeyRef: name: aso-controller-settings key: AZURE_CLIENT_CERTIFICATE_PASSWORD optional: true - name: AZURE_AUTHORITY_HOST valueFrom: secretKeyRef: name: aso-controller-settings key: AZURE_AUTHORITY_HOST optional: true - name: AZURE_RESOURCE_MANAGER_ENDPOINT valueFrom: secretKeyRef: name: aso-controller-settings key: AZURE_RESOURCE_MANAGER_ENDPOINT optional: true - name: AZURE_RESOURCE_MANAGER_AUDIENCE valueFrom: secretKeyRef: name: aso-controller-settings key: AZURE_RESOURCE_MANAGER_AUDIENCE optional: true - name: AZURE_TARGET_NAMESPACES valueFrom: secretKeyRef: name: aso-controller-settings key: AZURE_TARGET_NAMESPACES optional: true - name: AZURE_OPERATOR_MODE valueFrom: secretKeyRef: name: aso-controller-settings key: AZURE_OPERATOR_MODE optional: true - name: AZURE_SYNC_PERIOD valueFrom: secretKeyRef: name: aso-controller-settings key: AZURE_SYNC_PERIOD optional: true - name: USE_WORKLOAD_IDENTITY_AUTH valueFrom: secretKeyRef: key: USE_WORKLOAD_IDENTITY_AUTH name: aso-controller-settings optional: true - name: AZURE_USER_AGENT_SUFFIX valueFrom: secretKeyRef: key: AZURE_USER_AGENT_SUFFIX name: aso-controller-settings optional: true - name: MAX_CONCURRENT_RECONCILES valueFrom: secretKeyRef: key: MAX_CONCURRENT_RECONCILES name: aso-controller-settings optional: true - name: RATE_LIMIT_MODE valueFrom: secretKeyRef: key: RATE_LIMIT_MODE name: aso-controller-settings optional: true - name: RATE_LIMIT_QPS valueFrom: secretKeyRef: key: RATE_LIMIT_QPS name: aso-controller-settings optional: true - name: RATE_LIMIT_BUCKET_SIZE valueFrom: secretKeyRef: key: RATE_LIMIT_BUCKET_SIZE name: aso-controller-settings optional: true - name: DEFAULT_RECONCILE_POLICY valueFrom: secretKeyRef: key: DEFAULT_RECONCILE_POLICY name: aso-controller-settings optional: true # Used for setting the operator-namespace annotation (and # for aad-pod-identity once we support it). - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace