config/manager/manager.yaml (82 lines of code) (raw):

---
# Namespace for the controller. All three Pod Security Admission modes
# (warn, audit, enforce) are set to the "restricted" profile, so pods that
# do not meet the restricted profile are rejected at admission, not just
# reported.
apiVersion: v1
kind: Namespace
metadata:
  labels:
    # The *-version labels track "latest": the checks applied follow the
    # cluster's Kubernetes version and can tighten on upgrade. Pin a
    # version instead if admission behaviour must stay fixed across upgrades.
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/warn-version: latest
    pod-security.kubernetes.io/audit: restricted
    pod-security.kubernetes.io/audit-version: latest
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: latest
  name: system
---
# Deployment of the controller manager: two replicas of one "manager"
# container.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: controller-manager
  namespace: system
  # Empty here, as are the selector and the pod template labels below.
  # NOTE(review): presumably filled in by an overlay before apply - confirm.
  labels: {}
spec:
  selector:
    matchLabels: {}
  replicas: 2
  template:
    metadata:
      labels: {}
    spec:
      # The Role/ClusterRole bound to this account is not defined in this
      # file. NOTE(review): the name alone grants nothing; check the bound
      # rules against what the controller actually needs (least privilege).
      serviceAccountName: admin
      containers:
        - command:
            - /manager
          args:
            - --log-level=info
          # Mutable tag combined with IfNotPresent: a node that already has
          # an image under this tag keeps running it.
          # NOTE(review): looks like a placeholder rewritten at build time -
          # confirm, and pin the rendered image by digest.
          image: manager:latest
          imagePullPolicy: IfNotPresent
          name: manager
          # Container hardening that matches the namespace's "restricted"
          # profile: no privilege escalation, read-only root filesystem,
          # fixed non-root UID/GID, runtime default seccomp profile, and
          # every Linux capability dropped.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 65532
            runAsGroup: 65532
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
            capabilities:
              drop:
                - ALL
          # Only the health port is declared in this manifest.
          ports:
            - containerPort: 9440
              name: healthz
              protocol: TCP
          # Both probes use the named "healthz" port declared above.
          readinessProbe:
            httpGet:
              path: /readyz
              port: healthz
            initialDelaySeconds: 5
            periodSeconds: 5
          livenessProbe:
            httpGet:
              path: /healthz
              port: healthz
            initialDelaySeconds: 15
            periodSeconds: 20
            failureThreshold: 6
          # CPU request equals the limit; memory may grow from 20Mi to 30Mi,
          # and the container is OOM-killed if it exceeds the limit.
          resources:
            limits:
              cpu: 100m
              memory: 30Mi
            requests:
              cpu: 100m
              memory: 20Mi
          env:
            # Downward API: exposes the pod's own namespace to the process.
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
          # Every key of this ConfigMap becomes an environment variable of
          # the container. ConfigMaps are not a secret store, so keep
          # credentials out of it.
          envFrom:
            - configMapRef:
                name: azure-wi-webhook-config
      nodeSelector:
        kubernetes.io/os: linux
      # Very high scheduling priority: the scheduler may preempt
      # lower-priority pods to place this one.
      priorityClassName: system-cluster-critical