Mercurial > code > home > repos > pomerium
changeset 20:021ddfa73806
try things to get sessions that don't quickly expire (fetch requests have CORS errors). these may not be working
| author | drewp@bigasterisk.com |
|---|---|
| date | Wed, 19 Apr 2023 16:36:55 -0700 |
| parents | 76e097b3e248 |
| children | 9bff6004bd60 |
| files | 20-kube/10-pom-pom.yaml 20-kube/20-pom-deploy.yaml |
| diffstat | 2 files changed, 6 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/20-kube/10-pom-pom.yaml Sun Apr 09 16:37:28 2023 -0700 +++ b/20-kube/10-pom-pom.yaml Wed Apr 19 16:36:55 2023 -0700 @@ -6,6 +6,8 @@ secrets: pomerium/bootstrap authenticate: url: https://authenticate.bigasterisk.com + cookie: + expire: 20h identityProvider: provider: oidc url: https://accounts.google.com @@ -15,10 +17,9 @@ # adds name+locale to user details - profile secret: pomerium/idp - storage: - postgres: - secret: pomerium/postgres-connection-key - + # storage: + # postgres: + # secret: pomerium/postgres-connection-key # Note pom won't start up if this cert doesn't exist, so you have to run once # with it commented out, then after cert success, run again with it enabled. certificates: [pomerium/pomerium-proxy-tls]
--- a/20-kube/20-pom-deploy.yaml Sun Apr 09 16:37:28 2023 -0700 +++ b/20-kube/20-pom-deploy.yaml Wed Apr 19 16:36:55 2023 -0700 @@ -5,7 +5,7 @@ name: pomerium namespace: pomerium spec: - replicas: 3 + replicas: 1 strategy: { type: RollingUpdate } selector: matchLabels: { app.kubernetes.io/name: pomerium }