Changeset - b605b92e89b8
main default
drewp@bigasterisk.com - 2 years ago 2022-09-15 05:04:29
change provider to oidc to try to stop failed user directory syncs
1 file changed with 8 insertions and 4 deletions:
0 comments (0 inline, 0 general)
kube/10-pomerium.yaml
 
apiVersion: ingress.pomerium.io/v1
 
kind: Pomerium
 
metadata:
 
  name: global
 
spec:
 
  secrets: pomerium/bootstrap
 
  authenticate:
 
    url: https://authenticate.bigasterisk.com
 
  identityProvider:
 
    provider: google
 
    provider: oidc
 
    url: https://accounts.google.com
 
    scopes:
 
      - openid
 
      - email
 
      # adds name+locale to user details
 
      - profile
 
    secret: pomerium/idp
 
    refreshDirectory:
 
      interval: "10h"
 
      timeout: "10s"
 

	
 
  # Note pom won't start up if this cert doesn't exist, so you have to run once
 
  # with it commented out, then after cert success, run again with it enabled.
 
  certificates: [pomerium/pomerium-proxy-tls]
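Review bot: In the identityProvider block, refreshDirectory (interval "10h", timeout "10s") is still configured next to provider: oidc, while the commit message says the goal is to stop failed user directory syncs. Confirm whether that block still has any effect under the generic provider and remove it if it does not, so the config does not suggest a sync that no longer runs. If any route policy relies on group membership that came from the Google directory, check that it still evaluates as intended with only the openid, email and profile scopes. A short comment beside provider: oidc explaining why Google is addressed through url: https://accounts.google.com instead of the google provider would keep someone from reverting it later.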