1apiVersion: v1 2kind: Service 3metadata: 4 name: pomerium-cache-service 5spec: 6 clusterIP: None # cache is a headless service! 7 ports: 8 - port: 443 9 name: grpc 10 selector: 11 app: pomerium-cache 12 type: ClusterIP 13--- 14apiVersion: apps/v1 15kind: Deployment 16metadata: 17 name: pomerium-cache 18 labels: 19 app: pomerium-cache 20spec: 21 replicas: 1 22 selector: 23 matchLabels: 24 app: pomerium-cache 25 template: 26 metadata: 27 labels: 28 app: pomerium-cache 29 spec: 30 containers: 31 - image: pomerium/pomerium:master 32 name: pomerium-cache 33 args: 34 - --config=/etc/pomerium/config.yaml 35 ports: 36 - containerPort: 443 37 name: grpc 38 protocol: TCP 39 env: 40 - name: SERVICES 41 value: cache 42 - name: SHARED_SECRET 43 valueFrom: 44 secretKeyRef: 45 name: shared-secret 46 key: shared-secret 47 readinessProbe: 48 tcpSocket: 49 port: 443 50 initialDelaySeconds: 5 51 periodSeconds: 10 52 livenessProbe: 53 tcpSocket: 54 port: 443 55 initialDelaySeconds: 15 56 periodSeconds: 20 57 58 volumeMounts: 59 - mountPath: /etc/pomerium/ 60 name: config 61 volumes: 62 - name: config 63 configMap: 64 name: config 65