 fba17f625e
			
		
	
	fba17f625e
	
	
	
		
			
			* Follow-up commit of https://review.opendev.org/c/airship/airshipctl/+/766228 for CAPD Change-Id: I9aa2e012ff27bce90ad8fb9630a697d6123b971f Relates-To: #431
		
			
				
	
	
		
			27 lines
		
	
	
		
			780 B
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			27 lines
		
	
	
		
			780 B
		
	
	
	
		
			YAML
		
	
	
	
	
	
| # This patch inject a sidecar container which is a HTTP proxy for the controller manager,
 | |
| # it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
 | |
| apiVersion: apps/v1
 | |
| kind: Deployment
 | |
| metadata:
 | |
|   name: controller-manager
 | |
|   namespace: system
 | |
| spec:
 | |
|   template:
 | |
|     spec:
 | |
|       containers:
 | |
|       - name: kube-rbac-proxy
 | |
|         image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
 | |
|         args:
 | |
|         - "--secure-listen-address=0.0.0.0:8443"
 | |
|         - "--upstream=http://127.0.0.1:8080/"
 | |
|         - "--logtostderr=true"
 | |
|         - "--v=10"
 | |
|         ports:
 | |
|         - containerPort: 8443
 | |
|           name: https
 | |
|       - name: manager
 | |
|         args:
 | |
|         - "--feature-gates=MachinePool=${EXP_MACHINE_POOL:=false}"
 | |
|         - "--metrics-addr=0"
 | |
|         - "-v=4"
 |