kubelet-serving-cert-approver: defaultPodOptions: priorityClassName: system-cluster-critical affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - preference: matchExpressions: - key: node-role.kubernetes.io/master operator: DoesNotExist - key: node-role.kubernetes.io/control-plane operator: DoesNotExist weight: 100 securityContext: fsGroup: 65534 runAsGroup: 65534 runAsUser: 65534 seccompProfile: type: RuntimeDefault tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoSchedule key: node-role.kubernetes.io/control-plane operator: Exists controllers: main: type: deployment replicas: 1 strategy: Recreate revisionHistoryLimit: 3 serviceAccount: name: kubelet-serving-cert-approver pod: automountServiceAccountToken: true containers: main: image: repository: ghcr.io/alex1989hu/kubelet-serving-cert-approver tag: 0.9.3 pullPolicy: Always args: - serve env: - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace resources: requests: cpu: 100m memory: 128Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false readOnlyRootFilesystem: true runAsNonRoot: true serviceAccount: kubelet-serving-cert-approver: enabled: true staticToken: true service: main: controller: main ports: health: port: 8080 targetPort: 8080 protocol: HTTP metrics: port: 9090 targetPort: 9090 protocol: HTTP