File source-controller.deployment.yaml of Package flux2-cli
apiVersion: v1
kind: Service
metadata:
  labels:
    control-plane: controller
  name: source-controller
spec:
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: http
  selector:
    app: source-controller
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    control-plane: controller
  name: source-controller
spec:
  replicas: 1
  selector:
    matchLabels:
      app: source-controller
  strategy:
    type: Recreate
  template:
    metadata:
      annotations:
        prometheus.io/port: "8080"
        prometheus.io/scrape: "true"
      labels:
        app: source-controller
    spec:
      containers:
      - args:
        - --watch-all-namespaces
        - --log-level=info
        - --log-encoding=json
        - --enable-leader-election
        - --storage-path=/data
        - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
        env:
        - name: RUNTIME_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: TUF_ROOT
          value: /tmp/.sigstore
        image: fluxcd/source-controller:v1.7.2
        imagePullPolicy: IfNotPresent
        livenessProbe:
          httpGet:
            path: /healthz
            port: healthz
        name: manager
        ports:
        - containerPort: 9090
          name: http
          protocol: TCP
        - containerPort: 8080
          name: http-prom
          protocol: TCP
        - containerPort: 9440
          name: healthz
          protocol: TCP
        readinessProbe:
          httpGet:
            path: /
            port: http
        resources:
          limits:
            cpu: 1000m
            memory: 1Gi
          requests:
            cpu: 50m
            memory: 64Mi
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
        volumeMounts:
        - mountPath: /data
          name: data
        - mountPath: /tmp
          name: tmp
      securityContext:
        fsGroup: 1337
      terminationGracePeriodSeconds: 10
      volumes:
      - emptyDir: {}
        name: data
      - emptyDir: {}
        name: tmp