apiVersion: apps/v1
kind: Deployment
metadata:
  name: pomerium
spec:
  template:
    spec:
      containers:
        - name: pomerium
          env:
            - name: POMERIUM_ZERO_TOKEN
              valueFrom:
                secretKeyRef:
                  name: pomerium
                  key: pomerium_zero_token
                  optional: false
            - name: POMERIUM_NAMESPACE
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
            - name: BOOTSTRAP_CONFIG_FILE
              value: "/var/run/secrets/pomerium/bootstrap.dat"
            - name: BOOTSTRAP_CONFIG_WRITEBACK_URI
              value: "secret://$(POMERIUM_NAMESPACE)/pomerium/bootstrap"
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP