Mercurial > code > home > repos > pomerium

view kube/10-pomerium.yaml @ 1:9d3a9e524ad3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
fuss with ns and stuff to get it working. forward all (over http) to nginx at first
author drewp@bigasterisk.com
date Tue, 13 Sep 2022 22:32:50 -0700
parents 6bf643829330
children b605b92e89b8
line wrap: on
line source

apiVersion: ingress.pomerium.io/v1
kind: Pomerium
metadata:
  name: global
spec:
  secrets: pomerium/bootstrap
  authenticate:
    url: https://authenticate.bigasterisk.com
  identityProvider:
    provider: google
    secret: pomerium/idp
    refreshDirectory:
      interval: "10h"
      timeout: "10s"
  # Note pom won't start up if this cert doesn't exist, so you have to run once
  # with it commented out, then after cert success, run again with it enabled.
  certificates: [pomerium/pomerium-proxy-tls]