40 lines
1.1 KiB
YAML
40 lines
1.1 KiB
YAML
#
|
|
# Copyright (c) 2019-2021 Red Hat, Inc.
|
|
# This program and the accompanying materials are made
|
|
# available under the terms of the Eclipse Public License 2.0
|
|
# which is available at https://www.eclipse.org/legal/epl-2.0/
|
|
#
|
|
# SPDX-License-Identifier: EPL-2.0
|
|
#
|
|
# Contributors:
|
|
# Red Hat, Inc. - initial API and implementation
|
|
#
|
|
|
|
# This patch inject a sidecar container which is a HTTP proxy for the
|
|
# controller che-operator, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: che-operator
|
|
namespace: system
|
|
spec:
|
|
template:
|
|
spec:
|
|
containers:
|
|
- name: kube-rbac-proxy
|
|
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
|
|
imagePullPolicy: Always
|
|
args:
|
|
- "--secure-listen-address=0.0.0.0:8443"
|
|
- "--upstream=http://127.0.0.1:60000/"
|
|
- "--logtostderr=true"
|
|
- "--v=10"
|
|
ports:
|
|
- containerPort: 8443
|
|
name: https
|
|
- name: che-operator
|
|
args:
|
|
- "--health-probe-bind-address=:6789"
|
|
- "--metrics-bind-address=127.0.0.1:60000"
|
|
- "--leader-elect"
|