---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pomerium
  namespace: pomerium
spec:
  template:
    spec:
      containers:
        - name: pomerium
        # ran:
        # (rev '510' for v0.22.2)
        # /my/serv/pomerium/ingress-controller% IMG=bang5:5000/pomerium_ingress_controller:510 make
        # /my/serv/pomerium/ingress-controller% IMG=bang5:5000/pomerium_ingress_controller:510 make docker-build
        # docker push bang5:5000/pomerium_ingress_controller:510
          image: bang5:5000/pomerium_ingress_controller:510
          resources:
            limits:
              cpu: 5000m
              # getting OOM at the default 1Gi
              memory: 5Gi
---
apiVersion: v1
kind: Service
metadata:
  name: pomerium-proxy
  namespace: pomerium
spec:
  externalIPs:
  # this would be the fastest if we're running on ditto
    - 10.5.0.7
  # prime forwards to this
    - 10.5.0.1
  # local dns picks this
    - 10.2.0.1
---
apiVersion: batch/v1
kind: Job
metadata:
  name: pomerium-gen-secrets
  namespace: pomerium
spec:
  template:
    spec:
      containers:
      - name: gen-secrets
        image: bang5:5000/pomerium_ingress_controller:510