apiVersion: v1
kind: Service
metadata:
  name: pomerium-proxy-service
spec:
  ports:
    - port: 80
      protocol: TCP
      name: http
      targetPort: http
  selector:
    app: pomerium-proxy
  type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pomerium-proxy
  labels:
    app: pomerium-proxy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pomerium-proxy
  template:
    metadata:
      labels:
        app: pomerium-proxy
    spec:
      containers:
        - image: pomerium/pomerium:v0.5.0
          name: pomerium-proxy
          args:
            - --config=/etc/pomerium/config.yaml
          ports:
            - containerPort: 80
              name: http
              protocol: TCP
          env:
            - name: SERVICES
              value: proxy
            - name: SHARED_SECRET
              valueFrom:
                secretKeyRef:
                  name: shared-secret
                  key: shared-secret
            - name: COOKIE_SECRET
              valueFrom:
                secretKeyRef:
                  name: cookie-secret
                  key: cookie-secret
          readinessProbe:
            httpGet:
              path: /ping
              port: 80
              scheme: HTTP
          livenessProbe:
            httpGet:
              path: /ping
              port: 80
              scheme: HTTP
            initialDelaySeconds: 10
            timeoutSeconds: 1
          volumeMounts:
            - mountPath: /etc/pomerium/
              name: config
      volumes:
        - name: config
          configMap:
            name: config