mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-18 03:27:16 +02:00
4cb3281af7
* update k8s install for ingress conrtoller * typo correction * prep k8s section * squashme * init Ingress Controller doc Co-authored-by: travisgroth <tgroth@pomerium.com> Co-authored-by: wasaga <dmishin@pomerium.com> * update, organize, annotate * breakout custom from standard annotations * more info links * Update docs/docs/k8s/ingress.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/docs/k8s/ingress.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/docs/k8s/ingress.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * prep k8s section * document YAML policies in Ingress * sort and compress standard annotations * final draft * link cleanup * Create ingress.md * Update docs/docs/k8s/ingress.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Apply suggestions from code review * rm redundant config * fix file reference * update available annotations * Copy Proofread Grammar updates. * discussed copy edit * whitespace cleanup * add redirect for moved k8s docs * fixed malformed links * Update docs/docs/k8s/ingress.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> * Update docs/docs/k8s/ingress.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> Update docs/docs/k8s/ingress.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> Update docs/docs/k8s/ingress.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> partial copy edits Update docs/docs/k8s/ingress.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> Update docs/docs/k8s/ingress.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> partial copy edits Update docs/docs/k8s/ingress.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> Update docs/docs/k8s/ingress.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> Update docs/docs/k8s/ingress.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> partial copy edits * One last TLS * Update docs/docs/k8s/ingress.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> * clarify namespaces flag * Update docs/docs/k8s/ingress.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> Co-authored-by: travisgroth <tgroth@pomerium.com> Co-authored-by: wasaga <dmishin@pomerium.com> Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> Co-authored-by: cmo-pomerium <91488121+cmo-pomerium@users.noreply.github.com> Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
49 lines
1.3 KiB
YAML
49 lines
1.3 KiB
YAML
authenticate:
|
|
existingTLSSecret: pomerium-tls
|
|
idp:
|
|
provider: "google"
|
|
clientID: YOUR_CLIENT_ID
|
|
clientSecret: YOUR_SECRET
|
|
serviceAccount: YOUR_SERVICE_ACCOUNT
|
|
proxied: false
|
|
|
|
proxy:
|
|
existingTLSSecret: pomerium-tls
|
|
|
|
databroker:
|
|
existingTLSSecret: pomerium-tls
|
|
storage:
|
|
connectionString: rediss://pomerium-redis-master.pomerium.svc.cluster.local
|
|
type: redis
|
|
clientTLS:
|
|
existingSecretName: pomerium-tls
|
|
existingCASecretKey: ca.crt
|
|
|
|
authorize:
|
|
existingTLSSecret: pomerium-tls
|
|
|
|
redis:
|
|
enabled: true
|
|
auth:
|
|
enabled: false
|
|
usePassword: false
|
|
generateTLS: false
|
|
tls:
|
|
certificateSecret: pomerium-redis-tls
|
|
|
|
ingressController:
|
|
enabled: true
|
|
|
|
config:
|
|
rootDomain: localhost.pomerium.io
|
|
existingCASecret: pomerium-tls
|
|
generateTLS: false # On by default, disabled when cert-manager or another solution is in place.
|
|
# The policy block isn't required when using the Pomerium Ingress Controller, as routes are defined
|
|
# by the addition of Ingress Resources.
|
|
# routes:
|
|
# # This will be our testing app, to confirm that Pomerium is authenticating and routing traffic.
|
|
# - from: https://authenticate.localhost.pomerium.io
|
|
# to: https://pomerium-authenticate.pomerium.svc.cluster.local
|
|
# preserve_host_header: true
|
|
# allow_public_unauthenticated_access: true
|
|
# policy:
|