diff --git a/net-kourier-controller.yaml b/net-kourier-controller.yaml new file mode 100644 index 000000000..4f85da45e --- /dev/null +++ b/net-kourier-controller.yaml @@ -0,0 +1,78 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: net-kourier-controller + namespace: knative-serving +spec: + template: + spec: + containers: + - env: + - name: CERTS_SECRET_NAMESPACE + - name: CERTS_SECRET_NAME + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: METRICS_DOMAIN + value: knative.dev/samples + - name: KOURIER_GATEWAY_NAMESPACE + value: knative-serving + - name: ENABLE_SECRET_INFORMER_FILTERING_BY_CERT_UID + value: "false" + - name: KUBE_API_BURST + value: "200" + - name: KUBE_API_QPS + value: "200" + image: gcr.io/knative-releases/knative.dev/net-kourier/cmd/kourier@sha256:0f345516b3d172dac408c08e58f1318056e8461861ba15f1a0215370ddd6e685 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + grpc: + port: 18000 + service: "" + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: controller + ports: + - containerPort: 18000 + name: http2-xds + protocol: TCP + - containerPort: 9090 + name: metrics + protocol: TCP + readinessProbe: + failureThreshold: 3 + grpc: + port: 18000 + service: "" + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: "1" + memory: 500Mi + requests: + cpu: 200m + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: net-kourier + serviceAccountName: net-kourier + terminationGracePeriodSeconds: 30