CoCalc -- manager_auth_proxy

GitHub Repository: gitpod-io/gitpod
Path: blob/main/components/ws-manager-mk2/config/default/manager_auth_proxy_patch.yaml
²⁵⁰⁰ views

1
# Copyright (c) 2022 Gitpod GmbH. All rights reserved.
2
# Licensed under the GNU Affero General Public License (AGPL).
3
# See License-AGPL.txt in the project root for license information.
4

5
# This patch inject a sidecar container which is a HTTP proxy for the
6
# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
7
apiVersion: apps/v1
8
kind: Deployment
9
metadata:
10
  name: controller-manager
11
  namespace: system
12
spec:
13
  template:
14
    spec:
15
      containers:
16
      - name: kube-rbac-proxy
17
        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
18
        args:
19
        - "--secure-listen-address=0.0.0.0:8443"
20
        - "--upstream=http://127.0.0.1:8080/"
21
        - "--logtostderr=true"
22
        - "--v=0"
23
        ports:
24
        - containerPort: 8443
25
          protocol: TCP
26
          name: https
27
        resources:
28
          limits:
29
            cpu: 500m
30
            memory: 128Mi
31
          requests:
32
            cpu: 5m
33
            memory: 64Mi
34
      - name: manager
35
        args:
36
        - "--health-probe-bind-address=:8081"
37
        - "--metrics-bind-address=127.0.0.1:8080"
38
        - "--leader-elect"
39

40

Product

Resources

Company