Location: pomerium/20-kube/20-pom-deploy.yaml - annotation
037539eb52c3
change issuer ns to make it work today, but this is questionable. maybe they should be clusterissuers anyway
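# Pomerium ingress controller, run as a single all-in-one pod in the
# "pomerium" namespace.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels: { app.kubernetes.io/name: pomerium }
  name: pomerium
  namespace: pomerium
spec:
  replicas: 1
  # Recreate stops the old pod before the new one starts.
  # NOTE(review): presumably required because the autocert claim cannot be
  # attached to two pods at once; confirm the PVC access mode.
  strategy: { type: Recreate }
  selector:
    matchLabels: { app.kubernetes.io/name: pomerium }
  template:
    metadata:
      labels: { app.kubernetes.io/name: pomerium }
    spec:
      containers:
        - args:
            - all-in-one
            - --pomerium-config=global
            - --update-status-from-service=$(POMERIUM_NAMESPACE)/pomerium-proxy
            # The metrics listener binds to the pod IP, so it is reachable
            # from the pod network, not only from inside the pod.
            # NOTE(review): confirm a NetworkPolicy limits who can reach 9090.
            - --metrics-bind-address=$(POD_IP):9090
          env:
            # The root filesystem is read-only, so temp and cache paths are
            # pointed at the writable /tmp emptyDir.
            - { name: TMPDIR, value: /tmp }
            - { name: XDG_CACHE_HOME, value: /tmp }
            - name: POMERIUM_NAMESPACE
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
          # NOTE(review): a tag can be re-pointed upstream, and with
          # IfNotPresent each node keeps whatever it pulled first. Pinning by
          # digest (image@sha256:<digest>) makes the deployed bits verifiable.
          image: pomerium/ingress-controller:sha-efe2d11
          imagePullPolicy: IfNotPresent
          name: pomerium
          ports:
            - { containerPort: 8443, name: https, protocol: TCP }
            - { containerPort: 8080, name: http, protocol: TCP }
            - { containerPort: 9090, name: metrics, protocol: TCP }
          resources:
            limits: { cpu: 5000m, memory: 1Gi }
            requests: { cpu: 300m, memory: 200Mi }
          securityContext:
            allowPrivilegeEscalation: false
            # The process runs as UID 1000 and listens only on ports above
            # 1024, so it needs no Linux capabilities. Dropping them all and
            # applying the runtime's default seccomp filter closes the two
            # remaining gaps against the "restricted" Pod Security Standard.
            capabilities: { drop: ["ALL"] }
            readOnlyRootFilesystem: true
            runAsGroup: 1000
            runAsNonRoot: true
            runAsUser: 1000
            seccompProfile: { type: RuntimeDefault }
          volumeMounts:
            - { mountPath: /tmp, name: tmp }
            # The same claim is mounted at two paths; both expose the same
            # data. NOTE(review): this volume presumably holds autocert
            # certificates and private keys; treat the PVC and its backups
            # as secret material.
            - { mountPath: /data/autocert, name: autocert }
            - { mountPath: /.local, name: autocert }
      nodeSelector:
        kubernetes.io/os: linux
      securityContext:
        runAsNonRoot: true
      # The controller talks to the API server with this account's token;
      # its RBAC bindings are defined outside this file.
      serviceAccountName: pomerium-controller
      terminationGracePeriodSeconds: 10
      volumes:
        - { name: tmp, emptyDir: {} }
        - { name: autocert, persistentVolumeClaim: { claimName: autocert-data } }
      # Hard-pins the pod to the node whose hostname is "bang"; the pod stays
      # Pending if that node is unavailable.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: "kubernetes.io/hostname"
                    operator: In
                    values: ["bang"]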
---
# Registers the "pomerium" IngressClass and hands it to the controller named
# pomerium.io/ingress-controller. No is-default-class annotation is set, so an
# Ingress is only handled when it names this class explicitly.
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: pomerium
  labels: { app.kubernetes.io/name: pomerium }
spec:
  controller: pomerium.io/ingress-controller