apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "metallb.fullname" . }}-controller labels: heritage: {{ .Release.Service | quote }} release: {{ .Release.Name | quote }} chart: {{ template "metallb.chart" . }} app: {{ template "metallb.name" . }} component: controller spec: revisionHistoryLimit: 3 selector: matchLabels: app: {{ template "metallb.name" . }} component: controller release: {{ .Release.Name | quote }} template: metadata: labels: heritage: {{ .Release.Service | quote }} release: {{ .Release.Name | quote }} chart: {{ template "metallb.chart" . }} app: {{ template "metallb.name" . }} component: controller {{- if .Values.prometheus.scrapeAnnotations }} annotations: prometheus.io/scrape: "true" prometheus.io/port: "7472" {{- end }} spec: serviceAccountName: {{ template "metallb.controllerServiceAccountName" . }} terminationGracePeriodSeconds: 0 securityContext: runAsNonRoot: true runAsUser: 65534 # nobody nodeSelector: "beta.kubernetes.io/os": linux {{- with .Values.controller.nodeSelector }} {{ toYaml . | indent 8 }} {{- end }} {{- with .Values.controller.tolerations }} tolerations: {{ toYaml . | indent 8 }} {{- end }} {{- with .Values.controller.affinity }} affinity: {{ toYaml . | indent 8 }} {{- end }} containers: - name: controller image: {{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }} args: - --port=7472 - --config={{ template "metallb.configMapName" . }} ports: - name: monitoring containerPort: 7472 resources: {{ toYaml .Values.controller.resources | indent 10 }} securityContext: allowPrivilegeEscalation: false capabilities: drop: - all readOnlyRootFilesystem: true