diff --git a/config/release/kubemacpool.yaml b/config/release/kubemacpool.yaml index aff216c9b..d0e2e4011 100644 --- a/config/release/kubemacpool.yaml +++ b/config/release/kubemacpool.yaml @@ -382,9 +382,6 @@ spec: - containerPort: 8000 name: webhook-server protocol: TCP - - containerPort: 8080 - name: metrics - protocol: TCP readinessProbe: httpGet: httpHeaders: @@ -403,6 +400,22 @@ spec: - mountPath: /tmp/k8s-webhook-server/serving-certs/ name: tls-key-pair readOnly: true + - args: + - --logtostderr + - --secure-listen-address=:8443 + - --upstream=http://127.0.0.1:8080 + image: quay.io/openshift/origin-kube-rbac-proxy:4.10.0 + imagePullPolicy: IfNotPresent + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: metrics + protocol: TCP + resources: + requests: + cpu: 10m + memory: 20Mi + terminationMessagePolicy: FallbackToLogsOnError priorityClassName: system-cluster-critical restartPolicy: Always terminationGracePeriodSeconds: 5 diff --git a/config/test/kubemacpool.yaml b/config/test/kubemacpool.yaml index 8c309643e..b4e78f72c 100644 --- a/config/test/kubemacpool.yaml +++ b/config/test/kubemacpool.yaml @@ -383,9 +383,6 @@ spec: - containerPort: 8000 name: webhook-server protocol: TCP - - containerPort: 8080 - name: metrics - protocol: TCP readinessProbe: httpGet: httpHeaders: @@ -404,6 +401,22 @@ spec: - mountPath: /tmp/k8s-webhook-server/serving-certs/ name: tls-key-pair readOnly: true + - args: + - --logtostderr + - --secure-listen-address=:8443 + - --upstream=http://127.0.0.1:8080 + image: quay.io/openshift/origin-kube-rbac-proxy:4.10.0 + imagePullPolicy: IfNotPresent + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: metrics + protocol: TCP + resources: + requests: + cpu: 10m + memory: 20Mi + terminationMessagePolicy: FallbackToLogsOnError priorityClassName: system-cluster-critical restartPolicy: Always terminationGracePeriodSeconds: 5