mirror of
https://github.com/pomerium/pomerium.git
synced 2025-04-30 10:56:28 +02:00
49 lines
1.3 KiB
YAML
49 lines
1.3 KiB
YAML
authenticate:
|
|
existingTLSSecret: pomerium-tls
|
|
idp:
|
|
provider: "google"
|
|
clientID: YOUR_CLIENT_ID
|
|
clientSecret: YOUR_SECRET
|
|
serviceAccount: YOUR_SERVICE_ACCOUNT
|
|
proxied: false
|
|
|
|
proxy:
|
|
existingTLSSecret: pomerium-tls
|
|
|
|
databroker:
|
|
existingTLSSecret: pomerium-tls
|
|
storage:
|
|
connectionString: rediss://pomerium-redis-master.pomerium.svc.cluster.local
|
|
type: redis
|
|
clientTLS:
|
|
existingSecretName: pomerium-tls
|
|
existingCASecretKey: ca.crt
|
|
|
|
authorize:
|
|
existingTLSSecret: pomerium-tls
|
|
|
|
redis:
|
|
enabled: true
|
|
auth:
|
|
enabled: false
|
|
usePassword: false
|
|
generateTLS: false
|
|
tls:
|
|
certificateSecret: pomerium-redis-tls
|
|
|
|
ingressController:
|
|
enabled: true
|
|
|
|
config:
|
|
rootDomain: localhost.pomerium.io
|
|
existingCASecret: pomerium-tls
|
|
generateTLS: false # On by default, disabled when cert-manager or another solution is in place.
|
|
# The policy block isn't required when using the Pomerium Ingress Controller, as routes are defined
|
|
# by the addition of Ingress Resources.
|
|
# routes:
|
|
# # This will be our testing app, to confirm that Pomerium is authenticating and routing traffic.
|
|
# - from: https://authenticate.localhost.pomerium.io
|
|
# to: https://pomerium-authenticate.pomerium.svc.cluster.local
|
|
# preserve_host_header: true
|
|
# allow_public_unauthenticated_access: true
|
|
# policy:
|