apiVersion: v1
kind: Service
metadata:
  name: pomerium-databroker-service
spec:
  clusterIP: None # databroker is a headless service!
  ports:
    - port: 80
      name: grpc
  selector:
    app: pomerium-databroker
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pomerium-databroker
  labels:
    app: pomerium-databroker
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pomerium-databroker
  template:
    metadata:
      labels:
        app: pomerium-databroker
    spec:
      containers:
        - image: pomerium/pomerium:main
          name: pomerium-databroker
          args:
            - --config=/etc/pomerium/config.yaml
          ports:
            - containerPort: 80
              name: grpc
              protocol: TCP
          env:
            - name: SERVICES
              value: databroker
            - name: SHARED_SECRET
              valueFrom:
                secretKeyRef:
                  name: shared-secret
                  key: shared-secret
          readinessProbe:
            tcpSocket:
              port: 80
            initialDelaySeconds: 5
            periodSeconds: 10
          livenessProbe:
            tcpSocket:
              port: 80
            initialDelaySeconds: 15
            periodSeconds: 20

          volumeMounts:
            - mountPath: /etc/pomerium/
              name: config
      volumes:
        - name: config
          configMap:
            name: config