cloud-provider-stackit/deploy/application-load-balancer-controller-manager/deployment.yaml at 158e383fd96228b78ca320ab859c3da48621ed70 · stackitcloud/cloud-provider-stackit · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: kube-system
  name: stackit-application-load-balancer-controller-manager
  labels:
    app: stackit-application-load-balancer-controller-manager
spec:
  replicas: 2
  strategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app: stackit-application-load-balancer-controller-manager
      networking.gardener.cloud/from-seed: allowed # Allow traffic from seed to shoot for webhook calls
      networking.gardener.cloud/to-dns: allowed # Allow traffic to CoreDNS for webhook calls
      networking.gardener.cloud/to-apiserver: allowed # Allow traffic to API server for webhook calls
  template:
    metadata:
      labels:
        app: stackit-application-load-balancer-controller-manager
    spec:
      serviceAccountName: stackit-application-load-balancer-controller-manager
      terminationGracePeriodSeconds: 30
      containers:
      - name: stackit-application-load-balancer-controller-manager
        # TODO(jamand): Adapt image tag
        image: ghcr.io/stackitcloud/cloud-provider-stackit/stackit-application-load-balancer-controller-manager:XXX
        args:
        - "--authorization-always-allow-paths=/metrics"
        - "--leader-elect=true"
        - "--leader-elect-resource-name=stackit-application-load-balancer-controller-manager"
        - "--enable-http2"
        - "--metrics-bind-address=8080"
        - "--secureMetrics=false"
        # TODO(jamand): Check webhook cert + enableHTTP2 flag
        env:
        - name: STACKIT_SERVICE_ACCOUNT_KEY_PATH
          value: /etc/serviceaccount/sa_key.json
        ports:
        - containerPort: 8080
          hostPort: 8080
          name: metrics
          protocol: TCP
        - containerPort: 8081
          hostPort: 8081
          name: probe
          protocol: TCP
        - containerPort: 9443
          name: webhook
          protocol: TCP
        resources:
          limits:
            cpu: "0.5"
            memory: 500Mi
          requests:
            cpu: "0.1"
            memory: 100Mi
        volumeMounts:
        - mountPath: /etc/serviceaccount
          name: cloud-secret
        - mountPath: /tmp/k8s-webhook-server/serving-certs
          name: webhook-cert
          readOnly: true
      volumes:
      - name: cloud-secret
        secret:
          secretName: stackit-cloud-secret
      - name: webhook-cert
        secret:
          secretName: stackit-application-load-balancer-controller-manager-webhook-cert