pomerium Changeset - 6f8a6ccb2407

Changeset - 6f8a6ccb2407

Parent rev.

Child rev.

[Not reviewed]

tip default

0 2 0

drewp@bigasterisk.com - 16 months ago 2023-06-22 06:03:05
drewp@bigasterisk.com

debugging

2 files changed with 74 insertions and 9 deletions:

upstream/kustomization.yaml

upstream/patch.yaml

0 comments (0 inline, 0 general)

upstream/kustomization.yaml

➞

Show inline comments

 bases:
   - pomerium-ingress-controller.yaml
   - cert-manager-v1.12.0.yaml
 patchesStrategicMerge:
   - "patch.yaml"
 # patches:
 #   - target:
 #       kind: Deployment
 #       name: pomerium
 #       namespace: pomerium
 #     patch: |-
 #       - op: add
 #         path: /spec/template/spec/containers/0/args/-
 #         value: "--debug"
 patches:
   - target:
       kind: Deployment
       name: pomerium
       namespace: pomerium
     patch: |-
       - op: add
         path: /spec/template/spec/containers/0/args/-
         value: "--debug"
   # fix for a digitalocean/dns issue https://github.com/cert-manager/cert-manager/issues/2485#issuecomment-1167314615
   - target:
       kind: Deployment
       name: cert-manager
       namespace: cert-manager
     patch: |-
       - op: add
         path: /spec/template/spec/containers/0/args/-
         value: "--dns01-recursive-nameservers-only"
       - op: add
         path: /spec/template/spec/containers/0/args/-
         value: "--dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53"
@@ \ No newline at end of file @@

upstream/patch.yaml

➞

Show inline comments

 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: pomerium
   namespace: pomerium
 spec:
   template:
     spec:
       containers:
         - name: pomerium
         # ran:
         # (rev '510' for v0.22.2)
         # /my/serv/pomerium/ingress-controller% IMG=bang5:5000/pomerium_ingress_controller:510 make
         # /my/serv/pomerium/ingress-controller% IMG=bang5:5000/pomerium_ingress_controller:510 make docker-build
         # docker push bang5:5000/pomerium_ingress_controller:510
           image: bang5:5000/pomerium_ingress_controller:510
           resources:
             limits:
               cpu: 5000m
               # getting OOM at the default 1Gi
               memory: 5Gi
       # only for debugging
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - { key: "kubernetes.io/hostname", operator: In, values: ["ditto"] }
 ---
 apiVersion: v1
 kind: Service
 metadata:
   name: pomerium-proxy
   namespace: pomerium
 spec:
   externalIPs:
   # this would be the fastest if we're running on ditto
     - 10.5.0.7
   # prime forwards to this
     - 10.5.0.1
   # local dns picks this
     - 10.2.0.1
 ---
 apiVersion: batch/v1
 kind: Job
 metadata:
   name: pomerium-gen-secrets
   namespace: pomerium
 spec:
   template:
     spec:
       containers:
       - name: gen-secrets
         image: bang5:5000/pomerium_ingress_controller:510
       # only for debugging
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - { key: "kubernetes.io/hostname", operator: In, values: ["ditto"] }
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: cert-manager-cainjector
   namespace: cert-manager
 spec:
   template:
     spec:
       # only for debugging
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - { key: "kubernetes.io/hostname", operator: In, values: ["ditto"] }
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: cert-manager
   namespace: cert-manager
 spec:
   template:
     spec:
       # only for debugging
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - { key: "kubernetes.io/hostname", operator: In, values: ["ditto"] }
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: cert-manager-webhook
   namespace: cert-manager
 spec:
   template:
     spec:
       # only for debugging
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - { key: "kubernetes.io/hostname", operator: In, values: ["ditto"] }
@@ \ No newline at end of file @@

0 comments (0 inline, 0 general)