Yitaek/pomerium-values.yaml

## pomerium-values.yaml
authenticate:
  idp:
    provider: "google"
    clientID: "<CLIENT_ID>.apps.googleusercontent.com"
    clientSecret: "<CLIENT_SECRET>"

config:
  sharedSecret: random-secret
  cookieSecret: super-secret
  rootDomain: mydomain.example.com
  generateTLS: false
  insecure: true

  policy:
    # this route is directly proxied by pomerium & injects the authorization header
    - from: https://k8s-dashboard.mydomain.example.com
      to: https://kubernetes-dashboard.kubernetes-dashboard
      allowed_domains:
        - example.com
      tls_skip_verify: true # dashboard uses self-signed certificates in its default configuration
      set_request_headers:
        Authorization: "Bearer <EKS-admin-token>"
ingress:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
  secretName: wildcard-cert
	authenticate:
	idp:
	provider: "google"
	clientID: "<CLIENT_ID>.apps.googleusercontent.com"
	clientSecret: "<CLIENT_SECRET>"

	config:
	sharedSecret: random-secret
	cookieSecret: super-secret
	rootDomain: mydomain.example.com
	generateTLS: false
	insecure: true

	policy:
	# this route is directly proxied by pomerium & injects the authorization header
	- from: https://k8s-dashboard.mydomain.example.com
	to: https://kubernetes-dashboard.kubernetes-dashboard
	allowed_domains:
	- example.com
	tls_skip_verify: true # dashboard uses self-signed certificates in its default configuration
	set_request_headers:
	Authorization: "Bearer <EKS-admin-token>"
	ingress:
	annotations:
	cert-manager.io/cluster-issuer: letsencrypt-prod
	traefik.ingress.kubernetes.io/router.entrypoints: websecure
	traefik.ingress.kubernetes.io/router.tls: "true"
	secretName: wildcard-cert