# Example values for deploying Pomerium on Kubernetes (this looks like a values
# file for the Pomerium Helm chart — confirm against the chart version in use).
# Every YOUR_* / YOUR...SECRET value below is a placeholder. Keep the filled-in
# copy of this file out of version control, since it then carries live
# credentials.
#
# NOTE(review): the same secret name, pomerium-tls, is referenced by
# authenticate, proxy, databroker, authorize, the databroker's Redis client TLS
# settings and config.existingCASecret. Sharing one key pair keeps a quick start
# simple, but a leak of that one secret then affects every component; consider
# per-service certificates outside of a demo.
authenticate:
  # TLS material is read from a pre-existing secret; it must exist before install.
  existingTLSSecret: pomerium-tls
  idp:
    provider: "google"
    # Placeholders for the identity provider's OAuth client credentials and
    # service account. clientSecret and serviceAccount are sensitive.
    clientID: YOUR_CLIENT_ID
    clientSecret: YOUR_SECRET
    serviceAccount: YOUR_SERVICE_ACCOUNT
  proxied: false

proxy:
  existingTLSSecret: pomerium-tls
  service:
    # A LoadBalancer Service asks the cluster's provider for an external load
    # balancer, so the proxy is the externally reachable entry point. Whether
    # that address is internet-facing depends on the provider — confirm the
    # exposure is intended.
    type: LoadBalancer

databroker:
  existingTLSSecret: pomerium-tls
  storage:
    # rediss:// (double "s") is the TLS variant of the redis:// scheme. The URL
    # carries no credentials, which matches password auth being disabled in the
    # redis section below.
    connectionString: rediss://pomerium-redis-master.pomerium.svc.cluster.local
    type: redis
    clientTLS:
      # Presumably the client certificate presented to Redis and the key inside
      # that secret holding the CA used to verify the server — confirm against
      # the chart documentation.
      existingSecretName: pomerium-tls
      existingCASecretKey: ca.crt

authorize:
  existingTLSSecret: pomerium-tls

redis:
  enabled: true
  # Password authentication is switched off (both flags below). Access control
  # for Redis then rests on TLS and on network reachability alone.
  # NOTE(review): nothing in this file shows whether Redis requires client
  # certificates. Confirm that it does, or restrict access to the Redis Service
  # (e.g. with a NetworkPolicy), because the databroker's data lives here.
  auth:
    enabled: false
  usePassword: false
  # No certificate is generated at install time; the secret named under tls must
  # already exist.
  generateTLS: false
  tls:
    certificateSecret: pomerium-redis-tls

ingress:
  enabled: false

ingressController:
  enabled: true

config:
  # Generate a separate random value for each of the two secrets below; do not
  # reuse one value for both and do not deploy with the placeholders.
  sharedSecret: YOURSHAREDSECRET # You can use "head -c32 /dev/urandom | base64" to generate.
  cookieSecret: YOURCOOKIESECRET # You can use "head -c32 /dev/urandom | base64" to generate.
  rootDomain: localhost.pomerium.io
  existingCASecret: pomerium-tls
  generateTLS: false # On by default, disabled when cert-manager or another solution is in place.
  policy:
    # This will be our testing app, to confirm that Pomerium is authenticating and routing traffic.
    # NOTE(review): the route below targets the authenticate service itself
    # (pomerium-authenticate), not a separate test application — the sentence
    # above may be left over from an earlier version of this example.
    - from: https://authenticate.localhost.pomerium.io
      to: https://pomerium-authenticate.pomerium.svc.cluster.local
      preserve_host_header: true
      # Turns off authentication and authorization for this one route. That fits
      # a login endpoint, which users must reach before they have a session; do
      # not copy this flag onto routes that front real applications.
      allow_public_unauthenticated_access: true