docs: document service account requirements (#999)

Travis Groth 2020-06-25 19:32:36 -04:00 committed by GitHub
parent 917d8ec61b
commit c049d87362
6 changed files with 59 additions and 41 deletions


@ -40,10 +40,6 @@ export COOKIE_SECRET="$(head -c32 /dev/urandom | base64)"
export IDP_PROVIDER="google"
export IDP_PROVIDER_URL="https://accounts.google.com" # optional for google
# IF GSUITE and you want to get user groups you will need to set a service account
# see identity provider docs for gooogle for more info :
# export IDP_SERVICE_ACCOUNT=$(echo '{"impersonate_user": "bdd@pomerium.io"}' | base64)
# OKTA
# export IDP_PROVIDER="okta"
# export IDP_CLIENT_ID="REPLACEME"
@ -62,3 +58,7 @@ export IDP_PROVIDER_URL="https://accounts.google.com" # optional for google
# directly as a base64 encoded yaml/json file, or as the policy key in the configuration
# file
export POLICY="$(base64 ./docs/configuration/examples/config/policy.example.yaml)"
# For Group data you must set an IDP_SERVICE_ACCOUNT
# https://www.pomerium.com/configuration/#identity-provider-service-account
# export IDP_SERVICE_ACCOUNT=$( echo YOUR_SERVICE_ACCOUNT | base64)
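Review bot: The new example `export IDP_SERVICE_ACCOUNT=$( echo YOUR_SERVICE_ACCOUNT | base64)` leaves the value unquoted, so when a reader substitutes a real value — the line removed earlier in this file showed a JSON object containing spaces and double quotes — the shell will word-split it and strip the quotes before `echo` ever sees it, producing a silently corrupted credential. The policy example two lines above already base64-encodes from a file, so this line would be safer modelled the same way: `# export IDP_SERVICE_ACCOUNT="$(base64 < ./service-account.json)"`, with a comment that the file holds a credential and should be readable only by the user running pomerium. Note that GNU `base64` wraps output at 76 columns; if a single-line value is expected, pipe through `tr -d '\n'` (the policy line would presumably need the same, but that is pre-existing).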


@ -64,6 +64,9 @@ authenticate_service_url: https://authenticate.corp.beyondperimeter.com
# scope: "openid email" # generally, you want the default OIDC scopes
# For Group data you must set an IDP_SERVICE_ACCOUNT
# idp_service_account: YOUR_SERVICE_ACCOUNT
# Proxied routes and per-route policies are defined in a policy block
policy:
- from: https://httpbin.corp.beyondperimeter.com


@ -13,6 +13,9 @@ override_certificate_name: "*.corp.beyondperimeter.com"
idp_provider: google
idp_client_id: REPLACE_ME.apps.googleusercontent.com
idp_client_secret: "REPLACE_ME"
# Required for group data
# https://www.pomerium.com/configuration/#identity-provider-service-account
idp_service_account: YOUR_SERVICE_ACCOUNT
policy:
- from: https://httpbin.corp.beyondperimeter.com
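Review bot: The new `idp_service_account: YOUR_SERVICE_ACCOUNT` sits directly under `idp_client_secret` but its comment says only that it is required for group data, not that the value is itself a credential, so a reader copying this example has no hint that a real value must be kept out of version control the way the client secret is. I'd expand the comment to something like `# Required for group data. This value is a credential (see link) — treat it like idp_client_secret and do not commit it.` The expected format is also not stated here; the env example in this same commit shows it being base64-encoded, so a short note on the encoding would save a round trip to the linked docs. Minor style point: the two lines above use `REPLACE_ME` as the placeholder while this line uses `YOUR_SERVICE_ACCOUNT`; a single token makes unfilled values easier to grep for.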


@ -3,6 +3,9 @@ authenticate:
provider: "google"
clientID: YOUR_CLIENT_ID
clientSecret: YOUR_SECRET
# Required for group data
# https://www.pomerium.com/configuration/#identity-provider-service-account
serviceAccount: YOUR_SERVICE_ACCOUNT
service:
annotations:
cloud.google.com/app-protocols: '{"https":"HTTPS"}'
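Review bot: `serviceAccount: YOUR_SERVICE_ACCOUNT` is added to a Helm values file with a comment that describes only when it is needed, not that it is a secret; values files are routinely committed alongside a chart, so the comment should say so explicitly, e.g. `# Required for group data. This is a credential — supply it via --set-file or a values file kept outside the repo.` Whether the chart renders this into a Kubernetes Secret rather than a ConfigMap is not visible from this hunk and is worth confirming before recommending the values-file route at all.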