--- apiVersion: apps/v1 kind: Deployment metadata: name: karmada-search namespace: karmada-system labels: app: karmada-search apiserver: "true" spec: selector: matchLabels: app: karmada-search apiserver: "true" replicas: 2 template: metadata: labels: app: karmada-search apiserver: "true" spec: automountServiceAccountToken: false containers: - name: karmada-search image: docker.io/karmada/karmada-search:latest imagePullPolicy: IfNotPresent command: - /bin/karmada-search - --kubeconfig=/etc/karmada/config/karmada.config - --authentication-kubeconfig=/etc/karmada/config/karmada.config - --authorization-kubeconfig=/etc/karmada/config/karmada.config - --etcd-servers=https://etcd-client.karmada-system.svc.cluster.local:2379 - --etcd-cafile=/etc/karmada/pki/etcd-ca.crt - --etcd-certfile=/etc/karmada/pki/etcd-client.crt - --etcd-keyfile=/etc/karmada/pki/etcd-client.key - --tls-cert-file=/etc/karmada/pki/karmada.crt - --tls-private-key-file=/etc/karmada/pki/karmada.key - --audit-log-path=- - --audit-log-maxage=0 - --audit-log-maxbackup=0 - --tls-min-version=VersionTLS13 livenessProbe: httpGet: path: /livez port: 443 scheme: HTTPS failureThreshold: 3 initialDelaySeconds: 15 periodSeconds: 15 timeoutSeconds: 5 resources: requests: cpu: 100m volumeMounts: - name: karmada-config mountPath: /etc/karmada/config - name: karmada-certs mountPath: /etc/karmada/pki readOnly: true volumes: - name: karmada-config secret: secretName: karmada-search-config - name: karmada-certs secret: secretName: karmada-cert-secret --- apiVersion: v1 kind: Service metadata: name: karmada-search namespace: karmada-system labels: app: karmada-search apiserver: "true" spec: ports: - port: 443 protocol: TCP targetPort: 443 selector: app: karmada-search