apiVersion: ingress.pomerium.io/v1
kind: Pomerium
metadata:
  name: global
spec:
  secrets: pomerium/bootstrap
  authenticate:
    url: https://authenticate.bigasterisk.com
  identityProvider:
    provider: oidc
    url: https://accounts.google.com
    scopes:
      - openid
      - email
      # adds name+locale to user details
      - profile
    secret: pomerium/idp
  storage:
    postgres:
      secret: pomerium/postgres-connection-key

  # Note pom won't start up if this cert doesn't exist, so you have to run once
  # with it commented out, then after cert success, run again with it enabled.
  certificates: [pomerium/pomerium-proxy-tls]