54 lines
1.2 KiB
YAML
54 lines
1.2 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: kubelet-csr-approver
|
|
namespace: kube-system
|
|
spec:
|
|
replicas: 2
|
|
selector:
|
|
matchLabels:
|
|
app: kubelet-csr-approver
|
|
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
prometheus.io/port: '8080'
|
|
prometheus.io/scrape: 'true'
|
|
labels:
|
|
app: kubelet-csr-approver
|
|
|
|
spec:
|
|
serviceAccountName: kubelet-csr-approver
|
|
containers:
|
|
- name: kubelet-csr-approver
|
|
image: postfinance/kubelet-csr-approver:latest
|
|
resources:
|
|
limits:
|
|
memory: "128Mi"
|
|
cpu: "500m"
|
|
|
|
args:
|
|
- -metrics-bind-address
|
|
- ":8080"
|
|
- -health-probe-bind-address
|
|
- ":8081"
|
|
- -leader-election
|
|
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: 8081
|
|
|
|
env:
|
|
- name: PROVIDER_REGEX
|
|
value: ^[abcdef]\.test\.ch$
|
|
- name: PROVIDER_IP_PREFIXES
|
|
value: "0.0.0.0/0,::/0"
|
|
- name: MAX_EXPIRATION_SEC
|
|
value: "31622400" # 366 days
|
|
|
|
tolerations:
|
|
- effect: NoSchedule
|
|
key: node-role.kubernetes.io/control-plane
|
|
operator: Equal
|