28 lines
828 B
YAML
28 lines
828 B
YAML
# This patch inject a sidecar container which is a HTTP proxy for the
|
|
# controller che-operator, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: che-operator
|
|
namespace: system
|
|
spec:
|
|
template:
|
|
spec:
|
|
containers:
|
|
- name: kube-rbac-proxy
|
|
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
|
|
imagePullPolicy: Always
|
|
args:
|
|
- "--secure-listen-address=0.0.0.0:8443"
|
|
- "--upstream=http://127.0.0.1:60000/"
|
|
- "--logtostderr=true"
|
|
- "--v=10"
|
|
ports:
|
|
- containerPort: 8443
|
|
name: https
|
|
- name: che-operator
|
|
args:
|
|
- "--health-probe-bind-address=:6789"
|
|
- "--metrics-bind-address=127.0.0.1:60000"
|
|
- "--leader-elect"
|