mirror of
https://github.com/pomerium/pomerium.git
synced 2025-07-16 08:16:18 +02:00
5fd8cf60d5
* zero/k8s: use deployments * secret mount readonly Co-authored-by: Joe Kralicky <joekralicky@gmail.com> * adjust according to comments --------- Co-authored-by: Joe Kralicky <joekralicky@gmail.com>
29 lines
875 B
YAML
29 lines
875 B
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: pomerium
|
|
spec:
|
|
template:
|
|
spec:
|
|
containers:
|
|
- name: pomerium
|
|
env:
|
|
- name: POMERIUM_ZERO_TOKEN
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: pomerium
|
|
key: pomerium_zero_token
|
|
optional: false
|
|
- name: POMERIUM_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
apiVersion: v1
|
|
fieldPath: metadata.namespace
|
|
- name: BOOTSTRAP_CONFIG_FILE
|
|
value: "/var/run/secrets/pomerium/bootstrap.dat"
|
|
- name: BOOTSTRAP_CONFIG_WRITEBACK_URI
|
|
value: "secret://$(POMERIUM_NAMESPACE)/pomerium/bootstrap"
|
|
- name: POD_IP
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: status.podIP
|