|
1 |
| -# Copyright 2021 Google LLC |
2 |
| -# |
3 |
| -# Licensed under the Apache License, Version 2.0 (the "License"); |
4 |
| -# you may not use this file except in compliance with the License. |
5 |
| -# You may obtain a copy of the License at |
6 |
| -# |
7 |
| -# http://www.apache.org/licenses/LICENSE-2.0 |
8 |
| -# |
9 |
| -# Unless required by applicable law or agreed to in writing, software |
10 |
| -# distributed under the License is distributed on an "AS IS" BASIS, |
11 |
| -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
12 |
| -# See the License for the specific language governing permissions and |
13 |
| -# limitations under the License. |
14 |
| - |
15 | 1 | apiVersion: apps/v1
|
16 | 2 | kind: Deployment
|
17 | 3 | metadata:
|
18 |
| - name: gatekeeper-securitycenter-controller-manager |
19 |
| - namespace: gatekeeper-securitycenter # kpt-set: ${namespace} |
20 | 4 | labels:
|
21 | 5 | control-plane: controller-manager
|
22 | 6 | gatekeeper-securitycenter/operation: manager
|
23 |
| - gatekeeper-securitycenter/system: 'yes' |
| 7 | + gatekeeper-securitycenter/system: "yes" |
| 8 | + name: gatekeeper-securitycenter-controller-manager |
| 9 | + namespace: gatekeeper-securitycenter |
24 | 10 | spec:
|
25 | 11 | replicas: 1
|
26 | 12 | selector:
|
27 | 13 | matchLabels:
|
28 | 14 | control-plane: controller-manager
|
29 | 15 | gatekeeper-securitycenter/operation: controller
|
30 |
| - gatekeeper-securitycenter/system: 'yes' |
| 16 | + gatekeeper-securitycenter/system: "yes" |
31 | 17 | template:
|
32 | 18 | metadata:
|
| 19 | + annotations: |
| 20 | + container.seccomp.security.alpha.kubernetes.io/manager: runtime/default |
33 | 21 | labels:
|
34 | 22 | control-plane: controller-manager
|
35 | 23 | gatekeeper-securitycenter/operation: controller
|
36 |
| - gatekeeper-securitycenter/system: 'yes' |
37 |
| - annotations: |
38 |
| - container.seccomp.security.alpha.kubernetes.io/manager: runtime/default |
| 24 | + gatekeeper-securitycenter/system: "yes" |
39 | 25 | spec:
|
40 |
| - serviceAccountName: gatekeeper-securitycenter-controller |
41 | 26 | containers:
|
42 |
| - - name: manager |
43 |
| - image: gatekeeper-securitycenter # kpt-set: ${image} |
44 |
| - args: |
| 27 | + - args: |
45 | 28 | - findings
|
46 | 29 | - manager
|
47 | 30 | - --source=$(SOURCE)
|
48 | 31 | - --cluster=$(CLUSTER)
|
49 |
| - - --interval=120 # kpt-set: --interval=${interval} |
50 |
| - - --dry-run=false # kpt-set: --dry-run=${dry-run} |
| 32 | + - --interval=120 |
| 33 | + - --dry-run=false |
51 | 34 | env:
|
52 | 35 | - name: SOURCE
|
53 | 36 | valueFrom:
|
54 | 37 | configMapKeyRef:
|
55 |
| - name: gatekeeper-securitycenter-config |
56 | 38 | key: SOURCE_NAME
|
| 39 | + name: gatekeeper-securitycenter-config |
57 | 40 | - name: CLUSTER
|
58 | 41 | valueFrom:
|
59 | 42 | configMapKeyRef:
|
60 |
| - name: gatekeeper-securitycenter-config |
61 | 43 | key: CLUSTER_NAME
|
| 44 | + name: gatekeeper-securitycenter-config |
62 | 45 | - name: DEBUG
|
63 |
| - value: "false" # kpt-set: ${debug-env} |
| 46 | + value: "false" |
| 47 | + image: ghcr.io/googlecloudplatform/gatekeeper-securitycenter:v0.4.0@sha256:b284f09ba08b2a6fc6195600c69dd0c37eb714c001b98de1b12a431d14852369 |
| 48 | + name: manager |
64 | 49 | resources:
|
65 | 50 | requests:
|
66 |
| - cpu: 250m # kpt-set: ${request-cpu} |
67 |
| - memory: 512Mi # kpt-set: ${request-memory} |
| 51 | + cpu: 250m |
| 52 | + memory: 512Mi |
68 | 53 | securityContext:
|
69 | 54 | allowPrivilegeEscalation: false
|
70 | 55 | capabilities:
|
|
74 | 59 | runAsGroup: 65532
|
75 | 60 | runAsNonRoot: true
|
76 | 61 | runAsUser: 65532
|
| 62 | + serviceAccountName: gatekeeper-securitycenter-controller |
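Review bot: The pod template still sets seccomp through the alpha annotation `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` (new lines 19-20), which was deprecated in Kubernetes 1.19 and is no longer honoured by kubelets from 1.27 on. On current clusters the `manager` container may therefore run without the RuntimeDefault profile unless the node applies it by default. I would use the field form under the container's `securityContext` instead, `seccompProfile:` with `type: RuntimeDefault`, and keep the annotation only if pre-1.19 clusters must still be supported. Part of the `securityContext` (new lines 56-58) is collapsed on this page, so confirm the field is not already set there. If this manifest is rendered output, the change belongs in its source base rather than in this file.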