mirror of
https://github.com/pomerium/pomerium.git
synced 2025-07-31 07:19:16 +02:00
5fd8cf60d5
* zero/k8s: use deployments * secret mount readonly Co-authored-by: Joe Kralicky <joekralicky@gmail.com> * adjust according to comments --------- Co-authored-by: Joe Kralicky <joekralicky@gmail.com>
34 lines
870 B
YAML
34 lines
870 B
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: pomerium
|
|
spec:
|
|
template:
|
|
spec:
|
|
nodeSelector:
|
|
kubernetes.io/os: linux
|
|
containers:
|
|
- name: pomerium
|
|
env:
|
|
- name: TMPDIR
|
|
value: "/tmp/pomerium"
|
|
- name: XDG_CACHE_HOME
|
|
value: "/tmp/pomerium/cache"
|
|
- name: XDG_DATA_HOME
|
|
value: "/tmp/pomerium/cache"
|
|
volumeMounts:
|
|
- mountPath: "/tmp/pomerium"
|
|
name: tmp
|
|
- mountPath: "/var/run/secrets/pomerium"
|
|
name: bootstrap
|
|
readOnly: true
|
|
volumes:
|
|
- name: tmp
|
|
emptyDir: {}
|
|
- name: bootstrap
|
|
secret:
|
|
optional: true
|
|
secretName: pomerium
|
|
items:
|
|
- key: bootstrap
|
|
path: bootstrap.dat
|