apiVersion: apps/v1 kind: Deployment metadata: labels: control-plane: controller-manager name: inteldeviceplugins-controller-manager namespace: "intel-device-plugin" spec: replicas: 1 selector: matchLabels: control-plane: controller-manager template: metadata: labels: control-plane: controller-manager spec: containers: - args: - "--metrics-bind-address=:8443" - "--metrics-secure" - "--health-probe-bind-address=:8081" - "--leader-elect" env: - name: DEVICEPLUGIN_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace image: "intel/intel-deviceplugin-operator:0.35.0@sha256:d7eeac081bd17e58d8d4d542f3cb33d67cc1bdab314b09ad591e8eacb51dd5ec" imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /healthz port: 8081 initialDelaySeconds: 15 periodSeconds: 20 readinessProbe: httpGet: path: /readyz port: 8081 initialDelaySeconds: 5 periodSeconds: 10 name: manager ports: - containerPort: 9443 name: webhook-server protocol: TCP resources: limits: {} requests: cpu: 10m memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 seccompProfile: type: RuntimeDefault volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true nodeSelector: kubernetes.io/arch: amd64 serviceAccountName: default terminationGracePeriodSeconds: 10 volumes: - name: cert secret: defaultMode: 420 secretName: webhook-server-cert tolerations: []