apiVersion: ingress.pomerium.io/v1
kind: Pomerium
metadata:
  name: global
spec:
  secrets: pomerium/bootstrap
  authenticate:
    url: https://authenticate.bigasterisk.com
  identityProvider:
    provider: google
    secret: pomerium/idp
    refreshDirectory:
      interval: "10h"
      timeout: "10s"
  # Note pom won't start up if this cert doesn't exist, so you have to run once
  # with it commented out, then after cert success, run again with it enabled.
  certificates: [pomerium/pomerium-proxy-tls]