I can try to create a new domain verify.corp.domain.com and target it to the IP of that cluster and try on that service. It will probably work.
However, I don't understand how to scale that setup to multiple clusters.
Should I create a sidecar container with Pomerium for each service and one global verifier? Or one per cluster? Can I just silently work without a global verifier?
I'm not sure I understand what exactly is not working with the /.pomerium special path.
The verify application is merely a reference example and is not a mandatory part of a Pomerium installation.
I'm not sure why you need `insecure_server: true` and `address:80` in your config. Pomerium is normally supposed to handle TLS traffic, with HTTP-only mode reserved for some exotic (and in general non-recommended) deployment scenarios.
WRT multi-cluster operation, the current recommended deployment is to run Pomerium 0.18+ with a Postgres backend in the all-in-one mode (i.e. you do not need to split into proxy, databroker, authorize and authenticate). Pomerium caches the data it receives from the database, thus the latency between an individual Pomerium instance and the database does not contribute to the request latency. You may run a Pomerium instance per cluster, or if all clusters are in the same region, just run one instance serving all of them.