# Main configuration flags : https://www.pomerium.com/docs/reference/

insecure_server: true
grpc_insecure: true
address: ":80"
grpc_address: ":80"

authenticate_service_url: https://authenticate.localhost.pomerium.io
authorize_service_url: http://pomerium-authorize-service.default.svc.cluster.local
databroker_service_url: http://pomerium-databroker-service.default.svc.cluster.local

override_certificate_name: "*.localhost.pomerium.io"

idp_provider: google
idp_client_id: REPLACE_ME.apps.googleusercontent.com
idp_client_secret: "REPLACE_ME"
# Required for group data
# https://www.pomerium.com/configuration/#identity-provider-service-account
idp_service_account: YOUR_SERVICE_ACCOUNT

policy:
  - from: https://verify.localhost.pomerium.io
    to: http://httpbin.default.svc.cluster.local:8000
    allowed_domains:
      - gmail.com