pomerium: 20-kube/20-pom-deploy.yaml annotate

annotate 20-kube/20-pom-deploy.yaml @ 20:021ddfa73806

try things to get sessions that don't quickly expire (fetch requests have CORS errors). these may not be working

author	drewp@bigasterisk.com
date	Wed, 19 Apr 2023 16:36:55 -0700
parents	76e097b3e248
children	c2e12ba4d0b2

rev	line source
0 6bf643829330 start drewp@bigasterisk.com parents: diff changeset	1 apiVersion: apps/v1
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	2 kind: Deployment
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	3 metadata:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	4 labels: { app.kubernetes.io/name: pomerium }
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	5 name: pomerium
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	6 namespace: pomerium
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	7 spec:
20 021ddfa73806 try things to get sessions that don't quickly expire (fetch requests have CORS errors). these may not be working drewp@bigasterisk.com parents: 19 diff changeset	8 replicas: 1
19 76e097b3e248 reformat drewp@bigasterisk.com parents: 18 diff changeset	9 strategy: { type: RollingUpdate }
0 6bf643829330 start drewp@bigasterisk.com parents: diff changeset	10 selector:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	11 matchLabels: { app.kubernetes.io/name: pomerium }
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	12 template:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	13 metadata:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	14 labels: { app.kubernetes.io/name: pomerium }
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	15 spec:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	16 containers:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	17 - args:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	18 - all-in-one
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	19 - --pomerium-config=global
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	20 - --update-status-from-service=$(POMERIUM_NAMESPACE)/pomerium-proxy
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	21 - --metrics-bind-address=$(POD_IP):9090
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	22 env:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	23 - { name: TMPDIR, value: /tmp }
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	24 - { name: XDG_CACHE_HOME, value: /tmp }
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	25 - name: POMERIUM_NAMESPACE
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	26 valueFrom:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	27 fieldRef:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	28 apiVersion: v1
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	29 fieldPath: metadata.namespace
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	30 - name: POD_IP
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	31 valueFrom:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	32 fieldRef:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	33 fieldPath: status.podIP
19 76e097b3e248 reformat drewp@bigasterisk.com parents: 18 diff changeset	34 # see https://hub.docker.com/r/pomerium/ingress-controller/tags but idk how to get the version number!
16 d8b3c6fa64a3 upstream pom image upgrade drewp@bigasterisk.com parents: 14 diff changeset	35 # It's not even in the startup logs, just this: "pomerium_version":""
d8b3c6fa64a3 upstream pom image upgrade drewp@bigasterisk.com parents: 14 diff changeset	36 # I think sha-2c8038a is v0.21.3 (by date, https://www.pomerium.com/docs/releases/changelog)
d8b3c6fa64a3 upstream pom image upgrade drewp@bigasterisk.com parents: 14 diff changeset	37 image: pomerium/ingress-controller:sha-2c8038a
0 6bf643829330 start drewp@bigasterisk.com parents: diff changeset	38 imagePullPolicy: IfNotPresent
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	39 name: pomerium
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	40 ports:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	41 - { containerPort: 8443, name: https, protocol: TCP }
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	42 - { containerPort: 8080, name: http, protocol: TCP }
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	43 - { containerPort: 9090, name: metrics, protocol: TCP }
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	44 resources:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	45 limits: { cpu: 5000m, memory: 1Gi }
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	46 requests: { cpu: 300m, memory: 200Mi }
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	47 securityContext:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	48 allowPrivilegeEscalation: false
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	49 readOnlyRootFilesystem: true
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	50 runAsGroup: 1000
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	51 runAsNonRoot: true
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	52 runAsUser: 1000
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	53 volumeMounts:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	54 - { mountPath: /tmp, name: tmp }
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	55 - { mountPath: /data/autocert, name: autocert }
9 c9e2108bb271 pom deploy touchups drewp@bigasterisk.com parents: 8 diff changeset	56 - { mountPath: /.local, name: autocert }
0 6bf643829330 start drewp@bigasterisk.com parents: diff changeset	57 nodeSelector:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	58 kubernetes.io/os: linux
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	59 securityContext:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	60 runAsNonRoot: true
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	61 serviceAccountName: pomerium-controller
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	62 terminationGracePeriodSeconds: 10
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	63 volumes:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	64 - { name: tmp, emptyDir: {} }
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	65 - { name: autocert, persistentVolumeClaim: { claimName: autocert-data } }
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	66 affinity:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	67 nodeAffinity:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	68 requiredDuringSchedulingIgnoredDuringExecution:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	69 nodeSelectorTerms:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	70 - matchExpressions:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	71 - key: "kubernetes.io/hostname"
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	72 operator: In
14 290342e75927 move to ditto drewp@bigasterisk.com parents: 9 diff changeset	73 values: ["ditto"]
0 6bf643829330 start drewp@bigasterisk.com parents: diff changeset	74 ---
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	75 apiVersion: networking.k8s.io/v1
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	76 kind: IngressClass
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	77 metadata:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	78 labels:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	79 app.kubernetes.io/name: pomerium
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	80 name: pomerium
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	81 spec:
6bf643829330 start drewp@bigasterisk.com parents: diff changeset	82 controller: pomerium.io/ingress-controller

Mercurial > code > home > repos > pomerium

annotate 20-kube/20-pom-deploy.yaml @ 20:021ddfa73806