
Allowing to have 2 pomerium ICs in a same cluster #1388

Draft
wasaga wants to merge 2 commits into main from wasaga/two-pomerium-ics


@wasaga commented Apr 28, 2026

config

```yaml
apiVersion: ingress.pomerium.io/v1
kind: Pomerium
metadata:
  name: global-mcp
spec:
  secrets: pomerium-mcp/bootstrap
  # persistent data broker is required for MCP
  storage:
    file:
      path: /data/pomerium.db
  runtimeFlags:
    mcp: true
  # specifies the allowed domains for upstream AS/PRM metadata URLs.
  # Supports wildcard patterns like "*.example.com". This restricts which
  # domains Pomerium will contact during upstream OAuth discovery
  # (resource_metadata from WWW-Authenticate, authorization_servers from PRM).
  mcpAllowedAsMetadataDomains: []
  # specifies the allowed domains for MCP client ID metadata URLs.
  # This is required when MCP is enabled.
  mcpAllowedClientIdDomains: ["vscode.dev", "claude.ai"]
```
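
The comment on `mcpAllowedAsMetadataDomains` describes a domain allowlist with wildcard patterns that limits which hosts are contacted during upstream OAuth discovery. The Go code below is an added example, not code from this PR or from Pomerium, showing one way such a check can be written so that lookalike hosts, plain HTTP and userinfo tricks are rejected. The function names, the sample domains and the matching semantics (wildcard matches subdomains only, empty list allows nothing) are assumptions.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// hostAllowed reports whether host matches any allowlist pattern.
// Assumed semantics (not taken from Pomerium): "*.example.com" matches
// subdomains of example.com only; other patterns must match exactly;
// an empty list matches nothing.
func hostAllowed(host string, patterns []string) bool {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	for _, p := range patterns {
		p = strings.ToLower(p)
		if strings.HasPrefix(p, "*.") {
			suffix := p[1:] // ".example.com": keeps the label boundary
			if len(host) > len(suffix) && strings.HasSuffix(host, suffix) {
				return true
			}
		} else if host == p {
			return true
		}
	}
	return false
}

// MetadataURLAllowed vets a discovery URL before any request is sent to it.
func MetadataURLAllowed(raw string, patterns []string) bool {
	u, err := url.Parse(raw)
	if err != nil || u.Scheme != "https" || u.User != nil {
		return false // require HTTPS, reject userinfo that can disguise the host
	}
	return hostAllowed(u.Hostname(), patterns)
}

func main() {
	allow := []string{"*.example.com", "auth.example.org"} // constructed sample
	for _, raw := range []string{ // constructed sample URLs
		"https://as.example.com/.well-known/oauth-authorization-server",
		"https://evilexample.com/.well-known/oauth-authorization-server",
		"https://example.com.other.test/prm",
		"http://as.example.com/prm",
	} {
		fmt.Printf("%-66s allowed=%v\n", raw, MetadataURLAllowed(raw, allow))
	}
}
```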

wasaga added 2 commits April 27, 2026 20:09
…g CR

Include ../crd in resources so `kubectl apply -k config/pomerium-mcp` is
self-sufficient, mirroring config/default. The Pomerium global-mcp CR is
customer-specific so it lives as a sibling pomerium-crd.yaml, applied
separately rather than via the kustomization.