apiVersion: apps/v1 kind: Deployment metadata: name: acrpull namespace: {{ .Values.namespace }} labels: app.kubernetes.io/name: acrpull app.kubernetes.io/managed-by: Helm spec: selector: matchLabels: app.kubernetes.io/name: acrpull replicas: {{ .Values.replicas }} template: metadata: labels: app.kubernetes.io/name: acrpull spec: securityContext: runAsNonRoot: true containers: - command: - /manager args: - "--health-probe-bind-address=:8081" - "--metrics-bind-address=127.0.0.1:8080" - "--leader-elect" - "--ttl-rotation-fraction={{ .Values.ttlRotationFraction }}" image: "{{ .Values.image }}" name: acrpull-controller ports: - containerPort: 8080 protocol: TCP name: metrics securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault allowPrivilegeEscalation: false capabilities: drop: - "ALL" readOnlyRootFilesystem: true runAsUser: 1000 runAsGroup: 3000 livenessProbe: httpGet: path: /healthz port: 8081 initialDelaySeconds: 15 periodSeconds: 20 readinessProbe: httpGet: path: /readyz port: 8081 initialDelaySeconds: 5 periodSeconds: 10 resources: limits: cpu: 100m memory: 100Mi requests: cpu: 100m memory: 20Mi serviceAccountName: acrpull terminationGracePeriodSeconds: 10 {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }}