@serngawy
Last active January 30, 2024 17:00
capa-controller-manager Deployment
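# Deployment for the Cluster API Provider AWS (CAPA) controller manager, with
# the EKS and ROSA feature gates switched on and OCM settings passed through
# environment variables. Indentation is restored so the manifest parses.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-aws
    clusterctl.cluster.x-k8s.io: ""
    control-plane: capa-controller-manager
  name: capa-controller-manager
  namespace: capa-system
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      cluster.x-k8s.io/provider: infrastructure-aws
      control-plane: capa-controller-manager
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      annotations:
        # Empty role annotation: the AWS identity used by the controller comes
        # from the mounted credentials secret below, not from this annotation.
        iam.amazonaws.com/role: ""
      creationTimestamp: null
      labels:
        cluster.x-k8s.io/provider: infrastructure-aws
        control-plane: capa-controller-manager
    spec:
      # Soft preference (not a requirement) for control-plane nodes; both the
      # current and the legacy "master" role labels are matched.
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - preference:
                matchExpressions:
                  - key: node-role.kubernetes.io/control-plane
                    operator: Exists
              weight: 10
            - preference:
                matchExpressions:
                  - key: node-role.kubernetes.io/master
                    operator: Exists
              weight: 10
      containers:
        - args:
            - --leader-elect
            - --feature-gates=EKS=true,ROSA=true,EKSEnableIAM=false,EKSAllowAddRoles=false,EKSFargate=false,MachinePool=false,EventBridgeInstanceState=false,AutoControllerIdentityCreator=true,BootstrapFormatIgnition=false,ExternalResourceGC=false,AlternativeGCStrategy=false,TagUnmanagedNetworkResources=true
            - --v=0
            # NOTE(review): metrics listen on every pod interface and port 8080
            # is not declared under `ports`. Nothing in this manifest limits who
            # can scrape it; confirm a NetworkPolicy or an authenticating proxy
            # covers it.
            - --metrics-bind-addr=0.0.0.0:8080
          env:
            # "token" is a placeholder. A real OCM token written here is stored
            # in the Deployment object and readable by anyone allowed to get
            # Deployments or Pods in this namespace; source it from a Secret
            # with `valueFrom.secretKeyRef` instead.
            - name: OCM_TOKEN
              value: "token"
            # Points at the OCM staging API, not production.
            - name: OCM_API_URL
              value: "https://api.stage.openshift.com"
            # Path inside the `credentials` volume mounted at /home/.aws.
            - name: AWS_SHARED_CREDENTIALS_FILE
              value: /home/.aws/credentials
          # Pinned by tag only; a digest reference would make the pulled image
          # immutable.
          image: registry.k8s.io/cluster-api-aws/cluster-api-aws-controller:v2.3.1
          imagePullPolicy: IfNotPresent
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: healthz
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          name: manager
          ports:
            - containerPort: 9443
              name: webhook-server
              protocol: TCP
            - containerPort: 9440
              name: healthz
              protocol: TCP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /readyz
              port: healthz
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          # No requests or limits are set, so the container is unbounded on the
          # node and scheduled as BestEffort.
          resources: {}
          # Non-root UID/GID, no privilege escalation, all capabilities dropped.
          # readOnlyRootFilesystem is not set here.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            runAsGroup: 65532
            runAsUser: 65532
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /tmp/k8s-webhook-server/serving-certs
              name: cert
              readOnly: true
            # Marked read-only to match the cert mount: the controller only
            # needs to read the AWS credentials file.
            - mountPath: /home/.aws
              name: credentials
              readOnly: true
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext:
        # fsGroup differs from the container's runAsGroup (65532); it is added
        # as a supplemental group and owns the mounted secret files.
        fsGroup: 1000
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      # `serviceAccount` is the deprecated alias of `serviceAccountName`; both
      # carry the same value.
      serviceAccount: capa-controller-manager
      serviceAccountName: capa-controller-manager
      terminationGracePeriodSeconds: 10
      # Allows scheduling onto tainted control-plane nodes.
      tolerations:
        - effect: NoSchedule
          key: node-role.kubernetes.io/master
        - effect: NoSchedule
          key: node-role.kubernetes.io/control-plane
      volumes:
        - name: cert
          secret:
            # 420 decimal == 0644 octal.
            defaultMode: 420
            secretName: capa-webhook-service-cert
        # Static AWS credentials for the controller. 420 (0644) leaves the file
        # readable by every user in the container; a tighter mode has to stay
        # readable through fsGroup.
        - name: credentials
          secret:
            defaultMode: 420
            secretName: capa-manager-bootstrap-credentials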