apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

labels:
- pairs:
    app.kubernetes.io/instance: kubelet-csr-approver

resources:
- clusterrole.yaml
- deployment.yaml
- rolebinding.yaml
- serviceaccount.yaml

patches:
- patch: |-
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: kubelet-csr-approver
      namespace: kube-system
    spec:
      template:
        spec:
          containers:
          - name: kubelet-csr-approver
            imagePullPolicy: IfNotPresent
            env:
            - name: PROVIDER_REGEX
              value: ^(i-[a-z0-9]+\.[a-z0-9-]+\.compute\.internal|k8s-[a-z0-9-]+\.pyrocufflink\.blue|[a-z0-9-]+\.k8s\.pyrocufflink\.black)$
            - name: PROVIDER_IP_PREFIXES
              value: 172.30.0.0/16
            - name: BYPASS_DNS_RESOLUTION
              value: 'true'

replicas:
- name: kubelet-csr-approver
  count: 1

images:
- name: postfinance/kubelet-csr-approver
  newName: ghcr.io/postfinance/kubelet-csr-approver
  newTag: v1.2.10