---
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: supabase-system
labels:
control-plane: controller-manager
app.kubernetes.io/name: supabase-operator
app.kubernetes.io/managed-by: kustomize
spec:
selector:
matchLabels:
control-plane: controller-manager
replicas: 1
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: manager
labels:
control-plane: controller-manager
spec:
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- args:
- manager
- --leader-elect
- --health-probe-bind-address=:8081
image: supabase-operator:latest
name: manager
env:
- name: CONTROLLER_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: TLS_CA_CERT
value: /etc/supabase/operator/certs/tls.crt
- name: TLS_CA_KEY
value: /etc/supabase/operator/certs/tls.key
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 150m
memory: 128Mi
requests:
cpu: 10m
memory: 64Mi
volumeMounts:
- name: tls-certs
mountPath: /etc/supabase/operator/certs
volumes:
- name: tls-certs
secret:
secretName: control-plane-ca-cert-tls
serviceAccountName: controller-manager
terminationGracePeriodSeconds: 10