apiVersion: apps/v1
kind: Deployment
metadata:
  name: controller
  namespace: system
spec:
  replicas: 1
  selector:
    matchLabels:
      component: controller
  template:
    metadata:
      labels:
        component: controller
      annotations:
        prometheus.io/port: "8080"
        prometheus.io/scrape: "true"
    spec:
      securityContext:
        runAsNonRoot: true
      containers:
      - args:
        - --metrics-address=:8080
        - --enable-leader-election
        - --cert-dir=/tmp/webhook
        image: controller:latest
        name: manager
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        ports:
        - name: monitoring
          containerPort: 8080
        securityContext:
          allowPrivilegeEscalation: false
        livenessProbe:
          httpGet:
            path: /metrics
            port: monitoring
          initialDelaySeconds: 15
          periodSeconds: 20
        readinessProbe:
          httpGet:
            path: /metrics
            port: monitoring
          initialDelaySeconds: 5
          periodSeconds: 10
        resources:
          limits:
            cpu: 100m
            memory: 30Mi
          requests:
            cpu: 100m
            memory: 20Mi
      serviceAccountName: monitor-manager
      terminationGracePeriodSeconds: 10