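---
# Deployment for the kubemirror controller: one replica, running as a non-root
# user with a read-only root filesystem and all Linux capabilities dropped.
# The ServiceAccount's RBAC bindings are not defined in this manifest; review
# them separately, since they set what the controller can read and write.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubemirror-controller
  namespace: kubemirror-system
  labels:
    app.kubernetes.io/name: kubemirror
    app.kubernetes.io/component: controller
spec:
  # Single replica; --leader-elect is passed below, which presumably makes
  # raising this count safe (confirm against the controller's documentation).
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: kubemirror
      app.kubernetes.io/component: controller
  template:
    metadata:
      labels:
        app.kubernetes.io/name: kubemirror
        app.kubernetes.io/component: controller
      annotations:
        # Annotation values must be strings, hence the quoting.
        prometheus.io/scrape: "true"
        prometheus.io/port: "8080"
        prometheus.io/path: "/metrics"
    spec:
      # The pod mounts this account's API token; the controller's effective
      # privileges are whatever Roles/ClusterRoles are bound to it.
      serviceAccountName: kubemirror-controller
      securityContext:
        runAsNonRoot: true
        # NOTE(review): 65532 is the UID conventionally used by distroless
        # "nonroot" images; confirm it matches the user baked into the image.
        runAsUser: 65532
        fsGroup: 65532
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: controller
          # NOTE(review): ":latest" is a mutable tag, and with IfNotPresent a
          # node that already has a cached "latest" keeps running it while a
          # fresh node pulls whatever the registry serves at that moment.
          # Pin to a reviewed release, ideally by digest, for example
          #   ghcr.io/lukaszraczylo/kubemirror:<RELEASE_TAG>@sha256:<DIGEST>
          # (placeholders, not real values).
          image: ghcr.io/lukaszraczylo/kubemirror:latest
          imagePullPolicy: IfNotPresent
          command:
            - /kubemirror
          args:
            - --leader-elect
            # ":8080" and ":8081" bind on all pod interfaces. Whether the
            # metrics endpoint is authenticated cannot be told from this
            # manifest; consider a NetworkPolicy that admits only the
            # monitoring namespace to 8080.
            - --metrics-bind-address=:8080
            - --health-probe-bind-address=:8081
            - --max-targets=100
            - --worker-threads=5
            - --rate-limit-qps=50.0
            - --rate-limit-burst=100
          ports:
            - name: metrics
              containerPort: 8080
              protocol: TCP
            - name: health
              containerPort: 8081
              protocol: TCP
          # Both probes target the named "health" port (8081).
          livenessProbe:
            httpGet:
              path: /healthz
              port: health
            initialDelaySeconds: 15
            periodSeconds: 20
            timeoutSeconds: 5
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /readyz
              port: health
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          # Limits bound the CPU and memory one controller pod can take from
          # the node.
          resources:
            limits:
              cpu: 500m
              memory: 512Mi
            requests:
              cpu: 100m
              memory: 128Mi
          # Container-level hardening: no privilege escalation, immutable root
          # filesystem, and no Linux capabilities.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
      terminationGracePeriodSeconds: 10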