---
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: cert-manager
  name: cert-manager
spec:
  replicas: 1
  selector:
    matchLabels:
      app: cert-manager
  template:
    metadata:
      labels:
        app: cert-manager
    spec:
      serviceAccountName: cert-manager
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: cert-manager-controller
          image: "quay.io/jetstack/cert-manager-controller:v1.10.1"
          args:
            - --v=2
            - --cluster-resource-namespace=cert-manager
            - --leader-election-namespace=cert-manager
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL