apiVersion: apps/v1 kind: Deployment metadata: name: external-secrets namespace: external-secrets labels: helm.sh/chart: external-secrets-2.2.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets app.kubernetes.io/version: "v2.2.0" app.kubernetes.io/managed-by: Helm spec: replicas: 3 revisionHistoryLimit: 10 selector: matchLabels: app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets template: metadata: labels: helm.sh/chart: external-secrets-2.2.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets app.kubernetes.io/version: "v2.2.0" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: external-secrets automountServiceAccountToken: true hostNetwork: false containers: - name: external-secrets securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 seccompProfile: type: RuntimeDefault image: ghcr.io/external-secrets/external-secrets:v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565 imagePullPolicy: IfNotPresent args: - --enable-leader-election=true - --enable-extended-metric-labels=true - --concurrent=1 - --metrics-addr=:8080 - --loglevel=info - --zap-time-encoding=epoch - --live-addr=:8082 ports: - containerPort: 8080 protocol: TCP name: metrics - name: live protocol: TCP containerPort: 8082 livenessProbe: failureThreshold: 5 httpGet: path: /healthz port: live initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 readinessProbe: failureThreshold: 3 httpGet: path: /readyz port: live initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 resources: requests: cpu: 5m memory: 50Mi dnsPolicy: ClusterFirst