Files
@ 695948b426ae
Branch filter:
Location: pomerium/20-kube/10-pom-pom.yaml - annotation
695948b426ae
675 B
text/x-yaml
redo config with kustomize (still has a bug with pomerium-proxy-tls secret name getting a suffix)
0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 021ddfa73806 021ddfa73806 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 0ae82df13719 9bff6004bd60 9bff6004bd60 9bff6004bd60 0ae82df13719 0ae82df13719 0ae82df13719 | apiVersion: ingress.pomerium.io/v1
kind: Pomerium
metadata:
name: global
spec:
secrets: pomerium/bootstrap
authenticate:
url: https://authenticate.bigasterisk.com
cookie:
expire: 20h
identityProvider:
provider: oidc
url: https://accounts.google.com
scopes:
- openid
- email
# adds name+locale to user details
- profile
secret: pomerium/idp
storage:
postgres:
secret: pomerium/postgres-connection-key
# Note pom won't start up if this cert doesn't exist, so you have to run once
# with it commented out, then after cert success, run again with it enabled.
certificates: [pomerium/pomerium-proxy-tls]
|