policy.example.yaml

# Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.

address: ":8080"
metrics_address: ":9090"
# grcp_address: ":8080"  # default is 5443. Can't be the same as `address`.

# this is set because the service is behind an ssl ingress
insecure_server: true
# we use cert-manager
autocert: false

routes:
  # from is the hostname you want to use for the application and
  # an ingress for that host should exist pointing to the http port
  # of pomerium's service.
  # The to field should point to the internal service you want to protect.
  - from: https://grafana.example.com
    to: http://grafana.monitoring.svc.cluster.local:3000
    policy:
      - allow:
          or:
            # ldap groups configured in dex
            - claim/groups: group1
            - claim/groups: group2
            # You can use other conditions, like:
            # - email:
            # is: sales@sighup.io