--- apiVersion: apps/v1 kind: Deployment metadata: labels: control-plane: controller-manager name: inteldeviceplugins-controller-manager namespace: "intel-device-plugin" spec: replicas: 1 selector: matchLabels: control-plane: controller-manager template: metadata: labels: control-plane: controller-manager spec: containers: - args: - "--metrics-bind-address=:8443" - "--metrics-secure" - "--health-probe-bind-address=:8081" - "--leader-elect" env: - name: DEVICEPLUGIN_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace image: "intel/intel-deviceplugin-operator:0.34.0" imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /healthz port: 8081 initialDelaySeconds: 15 periodSeconds: 20 readinessProbe: httpGet: path: /readyz port: 8081 initialDelaySeconds: 5 periodSeconds: 10 name: manager ports: - containerPort: 9443 name: webhook-server protocol: TCP resources: limits: cpu: 100m memory: 120Mi requests: cpu: 100m memory: 100Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 seccompProfile: type: RuntimeDefault volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true nodeSelector: kubernetes.io/arch: amd64 serviceAccountName: default terminationGracePeriodSeconds: 10 volumes: - name: cert secret: defaultMode: 420 secretName: webhook-server-cert tolerations: []