Mercurial > code > home > repos > pomerium

view 20-kube/10-pom-pom.yaml @ 5:0ae82df13719

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
renames and file splits, mostly
author drewp@bigasterisk.com
date Mon, 12 Dec 2022 23:15:13 -0800
parents kube/10-pomerium.yaml@b605b92e89b8
children 768a373ff151
line wrap: on
line source

apiVersion: ingress.pomerium.io/v1
kind: Pomerium
metadata:
  name: global
spec:
  secrets: pomerium/bootstrap
  authenticate:
    url: https://authenticate.bigasterisk.com
  identityProvider:
    provider: oidc
    url: https://accounts.google.com
    scopes:
      - openid
      - email
      # adds name+locale to user details
      - profile
    secret: pomerium/idp

  # Note pom won't start up if this cert doesn't exist, so you have to run once
  # with it commented out, then after cert success, run again with it enabled.
  certificates: [pomerium/pomerium-proxy-tls]