authenticate:
  idp:
    provider: "google"
    clientID: YOUR_CLIENT_ID
    clientSecret: YOUR_SECRET
    # Required for group data
    # https://www.pomerium.com/configuration/#identity-provider-service-account
    serviceAccount: YOUR_SERVICE_ACCOUNT
  service:
    type: NodePort
    annotations:
      cloud.google.com/app-protocols: '{"https":"HTTPS"}'

proxy:
  service:
    type: NodePort
    annotations:
      cloud.google.com/app-protocols: '{"https":"HTTPS"}'

config:
  rootDomain: localhost.pomerium.io
  policy:
    - from: https://hello.localhost.pomerium.io
      to: http://nginx.default.svc.cluster.local:80
      allowed_domains:
        - gmail.com

ingress:
  annotations:
    kubernetes.io/ingress.allow-http: "false"