# HG changeset patch
# User drewp@bigasterisk.com
# Date 2023-04-19 23:36:55
# Node ID 021ddfa738061f9c3b995eaf5d14d5b5a5301951
# Parent  76e097b3e248238ccaa3277f35695c3da74446ab

try things to get sessions that don't quickly expire (fetch requests have CORS errors). these may not be working

diff --git a/20-kube/10-pom-pom.yaml b/20-kube/10-pom-pom.yaml
--- a/20-kube/10-pom-pom.yaml
+++ b/20-kube/10-pom-pom.yaml
@@ -6,6 +6,8 @@ spec:
   secrets: pomerium/bootstrap
   authenticate:
     url: https://authenticate.bigasterisk.com
+  cookie:
+    expire: 20h
   identityProvider:
     provider: oidc
     url: https://accounts.google.com
@@ -15,10 +17,9 @@ spec:
       # adds name+locale to user details
       - profile
     secret: pomerium/idp
-  storage:
-    postgres:
-      secret: pomerium/postgres-connection-key
-
+      #  storage:
+      #    postgres:
+      #      secret: pomerium/postgres-connection-key
   # Note pom won't start up if this cert doesn't exist, so you have to run once
   # with it commented out, then after cert success, run again with it enabled.
   certificates: [pomerium/pomerium-proxy-tls]
diff --git a/20-kube/20-pom-deploy.yaml b/20-kube/20-pom-deploy.yaml
--- a/20-kube/20-pom-deploy.yaml
+++ b/20-kube/20-pom-deploy.yaml
@@ -5,7 +5,7 @@ metadata:
   name: pomerium
   namespace: pomerium
 spec:
-  replicas: 3
+  replicas: 1
   strategy: { type: RollingUpdate }
   selector:
     matchLabels: { app.kubernetes.io/name: pomerium }