diff --git a/20-kube/20-pom-deploy.yaml b/20-kube/20-pom-deploy.yaml
deleted file mode 100644
--- a/20-kube/20-pom-deploy.yaml
+++ /dev/null
@@ -1,88 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels: { app.kubernetes.io/name: pomerium }
- name: pomerium
- namespace: pomerium
-spec:
- replicas: 1
- strategy: { type: RollingUpdate }
- selector:
- matchLabels: { app.kubernetes.io/name: pomerium }
- template:
- metadata:
- labels: { app.kubernetes.io/name: pomerium }
- spec:
- containers:
- - args:
- - all-in-one
- - --pomerium-config=global
- - --update-status-from-service=$(POMERIUM_NAMESPACE)/pomerium-proxy
- - --metrics-bind-address=$(POD_IP):9090
- env:
- - { name: TMPDIR, value: /tmp }
- - { name: XDG_CACHE_HOME, value: /tmp }
- - name: POMERIUM_NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: POD_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- # see https://hub.docker.com/r/pomerium/ingress-controller/tags but idk how to get the version number!
- # It's not even in the startup logs, just this: "pomerium_version":""
- #
- # I think sha-2c8038a is v0.21.3 (by date, https://www.pomerium.com/docs/releases/changelog)
- #
- # sha-dd49d67 is 2023-05-30,
- # https://github.com/pomerium/ingress-controller/commit/dd49d679ea077930229dff8aa319c58c77a767dc
- # including 'current main branch' as of 2023-05-23 per
- # https://github.com/pomerium/ingress-controller/commit/f79735129577344cc9fd766ff1b51df324990771
- image: pomerium/ingress-controller:sha-dd49d67
- imagePullPolicy: IfNotPresent
- name: pomerium
- ports:
- - { containerPort: 8443, name: https, protocol: TCP }
- - { containerPort: 8080, name: http, protocol: TCP }
- - { containerPort: 9090, name: metrics, protocol: TCP }
- resources:
- limits: { cpu: 5000m, memory: 1Gi }
- requests: { cpu: 300m, memory: 200Mi }
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsGroup: 1000
- runAsNonRoot: true
- runAsUser: 1000
- volumeMounts:
- - { mountPath: /tmp, name: tmp }
- - { mountPath: /data/autocert, name: autocert }
- - { mountPath: /.local, name: autocert }
- nodeSelector:
- kubernetes.io/os: linux
- securityContext:
- runAsNonRoot: true
- serviceAccountName: pomerium-controller
- terminationGracePeriodSeconds: 10
- volumes:
- - { name: tmp, emptyDir: {} }
- - { name: autocert, persistentVolumeClaim: { claimName: autocert-data } }
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: "kubernetes.io/hostname"
- operator: In
- values: ["ditto"]
----
-apiVersion: networking.k8s.io/v1
-kind: IngressClass
-metadata:
- labels:
- app.kubernetes.io/name: pomerium
- name: pomerium
-spec:
- controller: pomerium.io/ingress-controller