apiVersion: apps/v1
kind: Deployment
metadata:
  name: gateway-cert-operator
  namespace: gateway-cert-operator-system
  labels:
    app.kubernetes.io/name: gateway-cert-operator
    app.kubernetes.io/component: operator
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: gateway-cert-operator
  template:
    metadata:
      labels:
        app.kubernetes.io/name: gateway-cert-operator
        app.kubernetes.io/component: operator
    spec:
      serviceAccountName: gateway-cert-operator
      terminationGracePeriodSeconds: 10
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: manager
          image: gateway-cert-operator:latest
          args:
            - --metrics-bind-address=:8080
            - --health-probe-bind-address=:8081
          ports:
            - name: metrics
              containerPort: 8080
              protocol: TCP
            - name: healthz
              containerPort: 8081
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /healthz
              port: healthz
            initialDelaySeconds: 5
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /readyz
              port: healthz
            initialDelaySeconds: 5
            periodSeconds: 10
          resources:
            limits:
              cpu: 100m
              memory: 64Mi
            requests:
              cpu: 50m
              memory: 32Mi
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]