Files
@ 021ddfa73806
Branch filter:
Location: pomerium/20-kube/20-pom-deploy.yaml - annotation
021ddfa73806
2.8 KiB
text/x-yaml
try things to get sessions that don't quickly expire (fetch requests have CORS errors). these may not be working
0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 021ddfa73806 76e097b3e248 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 76e097b3e248 d8b3c6fa64a3 d8b3c6fa64a3 d8b3c6fa64a3 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 c9e2108bb271 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 290342e75927 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 | apiVersion: apps/v1
kind: Deployment
metadata:
labels: { app.kubernetes.io/name: pomerium }
name: pomerium
namespace: pomerium
spec:
replicas: 1
strategy: { type: RollingUpdate }
selector:
matchLabels: { app.kubernetes.io/name: pomerium }
template:
metadata:
labels: { app.kubernetes.io/name: pomerium }
spec:
containers:
- args:
- all-in-one
- --pomerium-config=global
- --update-status-from-service=$(POMERIUM_NAMESPACE)/pomerium-proxy
- --metrics-bind-address=$(POD_IP):9090
env:
- { name: TMPDIR, value: /tmp }
- { name: XDG_CACHE_HOME, value: /tmp }
- name: POMERIUM_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
# see https://hub.docker.com/r/pomerium/ingress-controller/tags but idk how to get the version number!
# It's not even in the startup logs, just this: "pomerium_version":""
# I think sha-2c8038a is v0.21.3 (by date, https://www.pomerium.com/docs/releases/changelog)
image: pomerium/ingress-controller:sha-2c8038a
imagePullPolicy: IfNotPresent
name: pomerium
ports:
- { containerPort: 8443, name: https, protocol: TCP }
- { containerPort: 8080, name: http, protocol: TCP }
- { containerPort: 9090, name: metrics, protocol: TCP }
resources:
limits: { cpu: 5000m, memory: 1Gi }
requests: { cpu: 300m, memory: 200Mi }
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- { mountPath: /tmp, name: tmp }
- { mountPath: /data/autocert, name: autocert }
- { mountPath: /.local, name: autocert }
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsNonRoot: true
serviceAccountName: pomerium-controller
terminationGracePeriodSeconds: 10
volumes:
- { name: tmp, emptyDir: {} }
- { name: autocert, persistentVolumeClaim: { claimName: autocert-data } }
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: "kubernetes.io/hostname"
operator: In
values: ["ditto"]
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
labels:
app.kubernetes.io/name: pomerium
name: pomerium
spec:
controller: pomerium.io/ingress-controller
|