Files
@ 037539eb52c3
Branch filter:
Location: pomerium/04-gen-secrets-job.yaml - annotation
037539eb52c3
912 B
text/x-yaml
change issuer ns to make it work today, but this is questionable. maybe they should be clusterissuers anyway
723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 723ad82340d1 | apiVersion: batch/v1
kind: Job
metadata:
labels:
app.kubernetes.io/name: pomerium
name: pomerium-gen-secrets
namespace: pomerium
spec:
template:
metadata:
labels:
app.kubernetes.io/name: pomerium
name: pomerium-gen-secrets
spec:
containers:
- args:
- gen-secrets
- --secrets=$(POD_NAMESPACE)/bootstrap
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: pomerium/ingress-controller:sha-efe2d11
imagePullPolicy: IfNotPresent
name: gen-secrets
securityContext:
allowPrivilegeEscalation: false
nodeSelector:
kubernetes.io/os: linux
restartPolicy: OnFailure
securityContext:
fsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
serviceAccountName: pomerium-gen-secrets
|