---
# Deployment patch for pomerium: sets the ingress-controller image and
# mounts the autocert PersistentVolumeClaim into the container.
# NOTE(review): only the fields below are set here; the rest of the
# Deployment is presumably supplied by a base manifest - confirm.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pomerium
  namespace: pomerium
spec:
  template:
    spec:
      containers:
        - name: pomerium
          # The image is referenced by tag, which a registry can repoint.
          # Pinning by digest
          # (pomerium/ingress-controller@sha256:<digest-placeholder>)
          # would make the deployed image immutable. The Job at the end of
          # this file uses the same tag and should be bumped together.
          image: pomerium/ingress-controller:sha-dd49d67
          volumeMounts:
            # The same claim is mounted at two paths.
            # NOTE(review): presumably this volume holds autocert
            # certificates and their private keys - confirm, and keep
            # access to the autocert-data claim limited to this workload.
            - mountPath: /data/autocert
              name: autocert
            - mountPath: /.local
              name: autocert
      volumes:
        - name: autocert
          persistentVolumeClaim:
            claimName: autocert-data
---
# Service patch for pomerium-proxy: exposes the proxy on fixed external IPs.
# Kubernetes does not manage or validate externalIPs; routing each address
# to a node is the cluster operator's job. A Service that lists an address
# receives the traffic sent to it, so the right to create or edit Services
# with externalIPs should be restricted (RBAC or admission policy).
apiVersion: v1
kind: Service
metadata:
  name: pomerium-proxy
  namespace: pomerium
spec:
  externalIPs:
    # this would be the fastest if we're running on ditto
    - 10.5.0.7
    # prime forwards to this
    - 10.5.0.1
    # local dns picks this
    - 10.2.0.1
---
# Job patch for pomerium-gen-secrets: sets the image of the gen-secrets
# container to the same tag as the Deployment above.
# NOTE(review): going by its name, the Job writes secret material; check
# that its service account can write only the Secret it needs - confirm
# against the base manifest.
apiVersion: batch/v1
kind: Job
metadata:
  name: pomerium-gen-secrets
  namespace: pomerium
spec:
  template:
    spec:
      containers:
        - name: gen-secrets
          image: pomerium/ingress-controller:sha-dd49d67