Files
@ c9e2108bb271
Branch filter:
Location: pomerium/20-kube/20-pom-deploy.yaml - annotation
c9e2108bb271
2.5 KiB
text/x-yaml
pom deploy touchups
0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 c9e2108bb271 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 723ad82340d1 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 c9e2108bb271 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 | apiVersion: apps/v1
kind: Deployment
metadata:
labels: { app.kubernetes.io/name: pomerium }
name: pomerium
namespace: pomerium
spec:
replicas: 1
strategy: {type: Recreate}
selector:
matchLabels: { app.kubernetes.io/name: pomerium }
template:
metadata:
labels: { app.kubernetes.io/name: pomerium }
spec:
containers:
- args:
- all-in-one
- --pomerium-config=global
- --update-status-from-service=$(POMERIUM_NAMESPACE)/pomerium-proxy
- --metrics-bind-address=$(POD_IP):9090
env:
- { name: TMPDIR, value: /tmp }
- { name: XDG_CACHE_HOME, value: /tmp }
- name: POMERIUM_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
image: pomerium/ingress-controller:sha-efe2d11
imagePullPolicy: IfNotPresent
name: pomerium
ports:
- { containerPort: 8443, name: https, protocol: TCP }
- { containerPort: 8080, name: http, protocol: TCP }
- { containerPort: 9090, name: metrics, protocol: TCP }
resources:
limits: { cpu: 5000m, memory: 1Gi }
requests: { cpu: 300m, memory: 200Mi }
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- { mountPath: /tmp, name: tmp }
- { mountPath: /data/autocert, name: autocert }
- { mountPath: /.local, name: autocert }
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsNonRoot: true
serviceAccountName: pomerium-controller
terminationGracePeriodSeconds: 10
volumes:
- { name: tmp, emptyDir: {} }
- { name: autocert, persistentVolumeClaim: { claimName: autocert-data } }
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: "kubernetes.io/hostname"
operator: In
values: ["bang"]
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
labels:
app.kubernetes.io/name: pomerium
name: pomerium
spec:
controller: pomerium.io/ingress-controller
|