apiVersion: ingress.pomerium.io/v1
kind: Pomerium
metadata:
name: global
spec:
secrets: pomerium/bootstrap
authenticate:
url: https://authenticate.bigasterisk.com
identityProvider:
provider: oidc
url: https://accounts.google.com
scopes:
- openid
- email
# adds name+locale to user details
- profile
secret: pomerium/idp
storage:
postgres:
secret: pomerium/postgres-connection-key
# Note pom won't start up if this cert doesn't exist, so you have to run once
# with it commented out, then after cert success, run again with it enabled.
certificates: [pomerium/pomerium-proxy-tls]