This repository has been archived by the owner on Feb 11, 2021. It is now read-only.

playhrzn-k8s

Pomerium

Pomerium is declared as a HelmRelease here.

Any secret values required by this deployment are sealed and declared as a SealedSecret here. The Helm Operator consumes and merges the secret with the values declared in the HelmRelease.

The following code block is a representation of the secret:

config:
  sharedSecret: $(head -c32 /dev/urandom | base64)
  cookieSecret: $(head -c32 /dev/urandom | base64)
authenticate:
  idp:
    provider: google
    url: https://accounts.google.com
    clientID: ${OAUTH_CLIENT_ID}.apps.googleusercontent.com
    clientSecret: ${OAUTH_CLIENT_SECRET}
    serviceAccount: $(jq -r '. += {"impersonate_user": "[email protected]"} | @base64')
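The following is an added example, not code from this repository or from the Pomerium chart: it mirrors the three shell substitutions in the representation above in Python and checks the resulting values before they are sealed. The function names, `SAMPLE_KEY`, and the `example.invalid` addresses are assumptions made for illustration.

```python
import base64
import json
import secrets

KEY_BYTES = 32  # same size as `head -c32 /dev/urandom` in the representation
# Constructed sample input, not a real service account key file.
SAMPLE_KEY = '{"type": "service_account", "client_email": "sa@example.invalid"}'

def random_key():
    # Mirrors `head -c32 /dev/urandom | base64`, drawn from the OS CSPRNG.
    return base64.b64encode(secrets.token_bytes(KEY_BYTES)).decode()

def encode_service_account(key_json, impersonate_user):
    # Mirrors the jq filter: add impersonate_user, then base64 the compact JSON.
    key = dict(json.loads(key_json), impersonate_user=impersonate_user)
    return base64.b64encode(json.dumps(key, separators=(",", ":")).encode()).decode()

def build_values(client_id, client_secret, key_json, impersonate_user):
    return {
        "config": {"sharedSecret": random_key(), "cookieSecret": random_key()},
        "authenticate": {"idp": {
            "provider": "google",
            "url": "https://accounts.google.com",
            "clientID": client_id + ".apps.googleusercontent.com",
            "clientSecret": client_secret,
            "serviceAccount": encode_service_account(key_json, impersonate_user),
        }},
    }

def check_values(values):
    # Return a list of problems; an empty list means the values are ready to seal.
    problems = []
    idp = values["authenticate"]["idp"]
    for name, value in {**values["config"], **idp}.items():
        if "$(" in value or "${" in value:
            problems.append(name + ": unexpanded shell placeholder")
    for name in ("sharedSecret", "cookieSecret"):
        try:
            size = len(base64.b64decode(values["config"][name], validate=True))
        except ValueError:  # binascii.Error is a ValueError subclass
            size = -1
        if size != KEY_BYTES:
            problems.append(name + ": does not decode to 32 bytes")
    try:
        account = json.loads(base64.b64decode(idp["serviceAccount"], validate=True))
        if "impersonate_user" not in account:
            problems.append("serviceAccount: impersonate_user missing")
    except (ValueError, TypeError):
        problems.append("serviceAccount: not base64-encoded JSON")
    return problems
```

Running `check_values` on the plaintext values before sealing catches a representation that was pasted literally, since the sealed output can no longer be inspected.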