Mercurial > code > home > repos > pomerium

view 20-kube/10-pom-pom.yaml @ 21:9bff6004bd60

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
turn postgres back on
author drewp@bigasterisk.com
date Thu, 20 Apr 2023 10:40:40 -0700
parents 021ddfa73806
children
line wrap: on
line source

apiVersion: ingress.pomerium.io/v1
kind: Pomerium
metadata:
  name: global
spec:
  secrets: pomerium/bootstrap
  authenticate:
    url: https://authenticate.bigasterisk.com
  cookie:
    expire: 20h
  identityProvider:
    provider: oidc
    url: https://accounts.google.com
    scopes:
      - openid
      - email
      # adds name+locale to user details
      - profile
    secret: pomerium/idp
  storage:
    postgres:
      secret: pomerium/postgres-connection-key
  # Note pom won't start up if this cert doesn't exist, so you have to run once
  # with it commented out, then after cert success, run again with it enabled.
  certificates: [pomerium/pomerium-proxy-tls]