pomerium/examples/kubernetes/kubernetes-config.yaml

# Main configuration flags : https://www.pomerium.io/docs/reference/reference/
insecure_server: true
grpc_insecure: true
address: ":80"
grpc_address: ":80"

authenticate_service_url: https://authenticate.corp.beyondperimeter.com
authorize_service_url: http://pomerium-authorize-service.default.svc.cluster.local
databroker_service_url: http://pomerium-cache-service.default.svc.cluster.local

override_certificate_name: "*.corp.beyondperimeter.com"

idp_provider: google
idp_client_id: REPLACE_ME.apps.googleusercontent.com
idp_client_secret: "REPLACE_ME"
# Required for group data
# https://www.pomerium.com/configuration/#identity-provider-service-account
idp_service_account: YOUR_SERVICE_ACCOUNT

policy:
  - from: https://httpbin.corp.beyondperimeter.com
    to: http://httpbin.default.svc.cluster.local:8000
    allowed_domains:
      - gmail.com