apiVersion: apps/v1 kind: Deployment metadata: labels: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux control-plane: controller name: source-controller namespace: flux-system spec: replicas: 1 selector: matchLabels: app: source-controller strategy: type: Recreate template: metadata: annotations: prometheus.io/port: "8080" prometheus.io/scrape: "true" labels: app: source-controller spec: containers: - args: - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - --watch-all-namespaces - --log-level=info - --log-encoding=json - --enable-leader-election - --storage-path=/data - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local. env: - name: RUNTIME_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: TUF_ROOT value: /tmp/.sigstore image: ghcr.io/fluxcd/source-controller:v1.2.4 imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /healthz port: healthz name: manager ports: - containerPort: 9090 name: http protocol: TCP - containerPort: 8080 name: http-prom protocol: TCP - containerPort: 9440 name: healthz protocol: TCP readinessProbe: httpGet: path: / port: http resources: limits: cpu: 1000m memory: 1Gi requests: cpu: 50m memory: 64Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true seccompProfile: type: RuntimeDefault volumeMounts: - mountPath: /data name: data - mountPath: /tmp name: tmp priorityClassName: system-cluster-critical securityContext: fsGroup: 1337 serviceAccountName: source-controller terminationGracePeriodSeconds: 10 volumes: - emptyDir: {} name: data - emptyDir: {} name: tmp