authenticate:
  idp:
    provider: "google"
    clientID: YOUR_CLIENT_ID
    clientSecret: YOUR_SECRET
    # Required for group data
    # https://www.pomerium.com/configuration/#identity-provider-service-account
    serviceAccount: YOUR_SERVICE_ACCOUNT 
  service:
    annotations:
      cloud.google.com/app-protocols: '{"https":"HTTPS"}'

proxy:
  service:
    annotations:
      cloud.google.com/app-protocols: '{"https":"HTTPS"}'

service:
  type: NodePort

config:
  rootDomain: corp.beyondperimeter.com
  policy:
    - from: https://hello.corp.beyondperimeter.com
      to: http://nginx.default.svc.cluster.local:80
      allowed_domains:
        - gmail.com

ingress:
  annotations:
    kubernetes.io/ingress.allow-http: "false"