Dear team,
I’m trying to use Pomerium to work as a Identity-Aware Proxy in Azure AKS. I followed the Pomerium Kubernetes Quickstart (Kubernetes Quickstart | Pomerium) and worked fine. After that, I followed the installation, global configuration and ingress configuration. If I use the Hosted Authenticate service, everything works fine.
Any help would be appreciated team.
This is the Global configuration:
apiVersion: ingress.pomerium.io/v1
kind: Pomerium
metadata:
name: global
spec:
secrets: pomerium/bootstrap
authenticate:
url: https://authenticate.pomerium.app
certificates:
- pomerium/pomerium-wildcard-tls
What happened?
If I try to use a different IDP provider (I’ve tried with Okta, Github and Azure AD), I get the error ERR_TOO_MANY_REDIRECTS when I try to access to a service only for authenticated users.
This is the Global configuration:
---
apiVersion: ingress.pomerium.io/v1
kind: Pomerium
metadata:
name: global
spec:
authenticate:
url: https://auth.dev.example.com
cookie:
domain: auth.dev.example.com
certificates:
- pomerium/my-tls-wildcard-secret
identityProvider:
provider: azure
url: https://login.microsoftonline.com/tenant-id/v2.0
secret: pomerium/azure
secrets: pomerium/bootstrap
This is what I can see into the browser network when I try to go to one of the protected services:
https://nginx-promerium.dev.example.com
However, I’m able to go to the same internal service using the annotation: allow_public_unauthenticated_access
https://nginx-pomerium-unauth.dev.example.com
If I try to go to verify page, I get the same ERR_TOO_MANY_REDIRECTS.
Nevertheless, I’m able to go the auth page:
https://auth.dev.example.com/.pomerium/
What’s your environment like?
- Pomerium version (retrieve with
pomerium --version
): v0.25.2 - Server Operating System/Architecture/Cloud: Azure AKS - Kubernetes version 1.28.5
What’s your ingress conf?
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: verify
namespace: pomerium
annotations:
ingress.pomerium.io/allow_any_authenticated_user: 'true'
ingress.pomerium.io/pass_identity_headers: 'true'
spec:
ingressClassName: pomerium
tls:
- hosts:
- verify.dev.example.com
secretName: my-tls-wildcard-secret
rules:
- host: verify.dev.example.com
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: verify
port:
number: 443
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-pomerium
namespace: pomerium
annotations:
ingress.pomerium.io/allow_any_authenticated_user: 'true'
ingress.pomerium.io/pass_identity_headers: 'true'
spec:
ingressClassName: pomerium
tls:
- hosts:
- nginx-pomerium.dev.example.com
secretName: my-tls-wildcard-secret
rules:
- host: nginx-pomerium.dev.example.com
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: http-svc
port:
number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-pomerium-unauth
namespace: pomerium
annotations:
ingress.pomerium.io/allow_public_unauthenticated_access: 'true'
ingress.pomerium.io/pass_identity_headers: 'true'
spec:
ingressClassName: pomerium
tls:
- hosts:
- nginx-pomerium-unauth.dev.example.com
secretName: my-tls-wildcard-secret
rules:
- host: nginx-pomerium-unauth.dev.example.com
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: http-svc
port:
number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: auth-pomerium
namespace: pomerium
annotations:
ingress.pomerium.io/allow_public_unauthenticated_access: 'true'
ingress.pomerium.io/pass_identity_headers: 'true'
spec:
ingressClassName: pomerium
tls:
- hosts:
- auth.dev.example.com
secretName: my-tls-wildcard-secret
rules:
- host: auth.dev.example.com
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: pomerium-proxy
port:
number: 443
What did you see in the logs?
kubectl describe pomerium global
Name: global
Namespace:
Labels: argocd.argoproj.io/instance=asm-config
Annotations: <none>
API Version: ingress.pomerium.io/v1
Kind: Pomerium
Metadata:
Creation Timestamp: 2024-04-19T11:21:01Z
Generation: 34
Resource Version: 29548440
UID: 2b975cb7-dca8-46be-bef0-816a112995e9
Spec:
Authenticate:
URL: https://auth.dev.example.com
Certificates:
pomerium/my-tls-wildcard-secret
Cookie:
Domain: auth.dev.example.com
Identity Provider:
Provider: azure
Secret: pomerium/azuretenant-id/0fe65e77-cff2-4f4e-b604-796a2bd02763/v2.0
Secrets: pomerium/bootstrap
Status:
Ingress:
pomerium/auth-pomerium:
Observed At: 2024-04-22T14:04:11Z
Observed Generation: 7
Reconciled: true
pomerium/nginx-pomerium:
Observed At: 2024-04-22T14:11:25Z
Observed Generation: 13
Reconciled: true
pomerium/nginx-pomerium-unauth:
Observed At: 2024-04-22T14:11:25Z
Observed Generation: 1
Reconciled: true
pomerium/verify:
Observed At: 2024-04-22T13:58:25Z
Observed Generation: 1
Reconciled: true
Settings Status:
Observed At: 2024-04-22T13:53:23Z
Observed Generation: 34
Reconciled: true
Warnings:
storage: please specify a persistent storage backend, please see https://www.pomerium.com/docs/topics/data-storage#persistence
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Updated 50m (x10 over 2d16h) bootstrap pod/pomerium-7f654667d9-fnwh7 config updated
Warning Validation 50m (x10 over 2d16h) pomerium-crd storage: please specify a persistent storage backend, please see https://www.pomerium.com/docs/topics/data-storage#persistence
Normal Updated 50m (x10 over 2d16h) pomerium-crd config updated
Normal Updated 45m (x26 over 2d16h) pomerium-ingress pomerium/verify: config updated
Normal Updated 39m (x32 over 2d16h) pomerium-ingress pomerium/auth-pomerium: config updated
Normal Updated 32m (x39 over 2d16h) pomerium-ingress pomerium/nginx-pomerium: config updated
Normal Updated 32m (x2 over 32m) pomerium-ingress pomerium/nginx-pomerium-unauth: config updated
k logs -f $(k get po -n pomerium | grep -v secrets | grep pomerium | awk '{print $1}') -n pomerium
{"level":"info","type":"type.googleapis.com/user.ServiceAccount","query":"","offset":0,"limit":1,"filter":{"$or":[{"id":""},{"$index":""}]},"time":"2024-04-22T14:45:35Z","message":"query"}
{"level":"info","type":"type.googleapis.com/session.Session","query":"","offset":0,"limit":1,"filter":{"$or":[{"id":""},{"$index":""}]},"time":"2024-04-22T14:45:35Z","message":"query"}
{"level":"info","service":"authorize","request-id":"71f368de-2d2b-4bdf-ab29-a845e31e2daf","check-request-id":"71f368de-2d2b-4bdf-ab29-a845e31e2daf","method":"GET","path":"/","host":"nginx-pomerium.dev.example.com","ip":"10.136.0.8","user":"","email":"","allow":false,"allow-why-false":["user-unauthenticated"],"deny":false,"deny-why-false":[],"time":"2024-04-22T14:45:35Z","message":"authorize check"}
{"level":"info","service":"authorize","request-id":"1f576380-6f69-4c25-8d8e-bd339d12499f","check-request-id":"1f576380-6f69-4c25-8d8e-bd339d12499f","method":"GET","path":"/.pomerium/sign_in","host":"auth.dev.example.com","ip":"10.136.0.13","user":"","email":"","allow":true,"allow-why-true":["pomerium-route"],"deny":false,"deny-why-false":[],"time":"2024-04-22T14:45:35Z","message":"authorize check"}
{"level":"info","type":"type.googleapis.com/session.Session","id":"d5409c13-204e-46b4-88c9-d6d16f13744a","time":"2024-04-22T14:45:35Z","message":"get"}
{"level":"info","service":"authorize","request-id":"641b726c-992b-475e-b125-cc4e36157596","check-request-id":"641b726c-992b-475e-b125-cc4e36157596","method":"GET","path":"/.pomerium/callback/","host":"nginx-pomerium.dev.example.com","ip":"10.136.0.13","user":"","email":"","allow":true,"allow-why-true":["pomerium-route"],"deny":false,"deny-why-false":[],"time":"2024-04-22T14:45:35Z","message":"authorize check"}
{"level":"info","service":"authorize","request-id":"9ac02065-acef-42ea-a776-2f85a39842b3","check-request-id":"9ac02065-acef-42ea-a776-2f85a39842b3","method":"GET","path":"/","host":"nginx-pomerium.dev.example.com","ip":"10.136.0.9","user":"","email":"","allow":false,"allow-why-false":["user-unauthenticated"],"deny":false,"deny-why-false":[],"time":"2024-04-22T14:45:35Z","message":"authorize check"}
{"level":"info","service":"authorize","request-id":"1c803fc9-b23f-4e79-8e79-011cb9d2bf83","check-request-id":"1c803fc9-b23f-4e79-8e79-011cb9d2bf83","method":"GET","path":"/.pomerium/sign_in","host":"auth.dev.example.com","ip":"10.136.0.9","user":"","email":"","allow":true,"allow-why-true":["pomerium-route"],"deny":false,"deny-why-false":[],"time":"2024-04-22T14:45:35Z","message":"authorize check"}
{"level":"info","type":"type.googleapis.com/session.Session","id":"d5409c13-204e-46b4-88c9-d6d16f13744a","time":"2024-04-22T14:45:35Z","message":"get"}
{"level":"info","service":"authorize","request-id":"741774ba-27f8-4578-98da-a9e210fddfb3","check-request-id":"741774ba-27f8-4578-98da-a9e210fddfb3","method":"GET","path":"/.pomerium/callback/","host":"nginx-pomerium.dev.example.com","ip":"10.136.0.8","user":"","email":"","allow":true,"allow-why-true":["pomerium-route"],"deny":false,"deny-why-false":[],"time":"2024-04-22T14:45:35Z","message":"authorize check"}
{"level":"info","service":"authorize","request-id":"1d54a649-a929-459f-8c8e-3bdcbac98e22","check-request-id":"1d54a649-a929-459f-8c8e-3bdcbac98e22","method":"GET","path":"/","host":"nginx-pomerium.dev.example.com","ip":"10.136.0.13","user":"","email":"","allow":false,"allow-why-false":["user-unauthenticated"],"deny":false,"deny-why-false":[],"time":"2024-04-22T14:45:35Z","message":"authorize check"}
{"level":"info","service":"envoy","upstream-cluster":"pomerium-control-plane-http","method":"GET","authority":"auth.dev.example.com","path":"/.pomerium/sign_in","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36","referer":"","forwarded-for":"88.17.253.147:51274,10.136.0.13","request-id":"1f576380-6f69-4c25-8d8e-bd339d12499f","duration":11.539246,"size":1022,"response-code":302,"response-code-details":"via_upstream","time":"2024-04-22T14:45:35Z","message":"http-request"}
{"level":"info","service":"authorize","request-id":"ae845e2a-7a63-4836-a5a6-87878bb8e232","check-request-id":"ae845e2a-7a63-4836-a5a6-87878bb8e232","method":"GET","path":"/.pomerium/sign_in","host":"auth.dev.example.com","ip":"10.136.0.8","user":"","email":"","allow":true,"allow-why-true":["pomerium-route"],"deny":false,"deny-why-false":[],"time":"2024-04-22T14:45:35Z","message":"authorize check"}
{"level":"info","type":"type.googleapis.com/session.Session","id":"d5409c13-204e-46b4-88c9-d6d16f13744a","time":"2024-04-22T14:45:35Z","message":"get"}
{"level":"info","service":"envoy","upstream-cluster":"pomerium-control-plane-http","method":"GET","authority":"auth.dev.example.com","path":"/.pomerium/sign_in","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36","referer":"","forwarded-for":"88.17.253.147:51274,10.136.0.9","request-id":"1c803fc9-b23f-4e79-8e79-011cb9d2bf83","duration":4.539039,"size":1023,"response-code":302,"response-code-details":"via_upstream","time":"2024-04-22T14:45:35Z","message":"http-request"}
{"level":"info","service":"envoy","upstream-cluster":"pomerium-control-plane-http","method":"GET","authority":"nginx-pomerium.dev.example.com","path":"/.pomerium/callback/","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36","referer":"","forwarded-for":"88.17.253.147:51272,10.136.0.13","request-id":"641b726c-992b-475e-b125-cc4e36157596","duration":3.071859,"size":88,"response-code":302,"response-code-details":"via_upstream","time":"2024-04-22T14:45:35Z","message":"http-request"}
{"level":"info","service":"envoy","upstream-cluster":"","method":"GET","authority":"nginx-pomerium.dev.example.com","path":"/","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36","referer":"","forwarded-for":"88.17.253.147:51272,10.136.0.9","request-id":"9ac02065-acef-42ea-a776-2f85a39842b3","duration":2.858062,"size":1486,"response-code":302,"response-code-details":"ext_authz_denied","time":"2024-04-22T14:45:35Z","message":"http-request"}
{"level":"info","service":"envoy","upstream-cluster":"","method":"GET","authority":"nginx-pomerium.dev.example.com","path":"/","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36","referer":"","forwarded-for":"88.17.253.147:51272,10.136.0.13","request-id":"1d54a649-a929-459f-8c8e-3bdcbac98e22","duration":2.575765,"size":1486,"response-code":302,"response-code-details":"ext_authz_denied","time":"2024-04-22T14:45:35Z","message":"http-request"}
{"level":"info","service":"authorize","request-id":"8561b80f-a23c-4d1d-b8d3-0bacba6c3d56","check-request-id":"8561b80f-a23c-4d1d-b8d3-0bacba6c3d56","method":"GET","path":"/.pomerium/callback/","host":"nginx-pomerium.dev.example.com","ip":"10.136.0.9","user":"","email":"","allow":true,"allow-why-true":["pomerium-route"],"deny":false,"deny-why-false":[],"time":"2024-04-22T14:45:35Z","message":"authorize check"}
{"level":"info","service":"authorize","request-id":"3b72ba9c-788e-4503-89c3-3d91b97bcbdc","check-request-id":"3b72ba9c-788e-4503-89c3-3d91b97bcbdc","method":"GET","path":"/","host":"nginx-pomerium.dev.example.com","ip":"10.136.0.8","user":"","email":"","allow":false,"allow-why-false":["user-unauthenticated"],"deny":false,"deny-why-false":[],"time":"2024-04-22T14:45:35Z","message":"authorize check"}
{"level":"info","service":"authorize","request-id":"e6d509e7-0cfa-4b32-9b41-5ca5e63eda7d","check-request-id":"e6d509e7-0cfa-4b32-9b41-5ca5e63eda7d","method":"GET","path":"/.pomerium/sign_in","host":"auth.dev.example.com","ip":"10.136.0.13","user":"","email":"","allow":true,"allow-why-true":["pomerium-route"],"deny":false,"deny-why-false":[],"time":"2024-04-22T14:45:35Z","message":"authorize check"}
{"level":"info","type":"type.googleapis.com/session.Session","id":"d5409c13-204e-46b4-88c9-d6d16f13744a","time":"2024-04-22T14:45:35Z","message":"get"}
{"level":"info","service":"authorize","request-id":"b6d18dec-53f3-4ab8-81b0-383606b6db45","check-request-id":"b6d18dec-53f3-4ab8-81b0-383606b6db45","method":"GET","path":"/.pomerium/callback/","host":"nginx-pomerium.dev.example.com","ip":"10.136.0.13","user":"","email":"","allow":true,"allow-why-true":["pomerium-route"],"deny":false,"deny-why-false":[],"time":"2024-04-22T14:45:35Z","message":"authorize check"}
{"level":"info","service":"authorize","request-id":"7f116cac-943f-4f4e-950c-2919224c70d6","check-request-id":"7f116cac-943f-4f4e-950c-2919224c70d6","method":"GET","path":"/","host":"nginx-pomerium.dev.example.com","ip":"10.136.0.9","user":"","email":"","allow":false,"allow-why-false":["user-unauthenticated"],"deny":false,"deny-why-false":[],"time":"2024-04-22T14:45:35Z","message":"authorize check"}
{"level":"info","service":"authorize","request-id":"668ab027-3481-448f-bfaa-f5cee3fcad4e","check-request-id":"668ab027-3481-448f-bfaa-f5cee3fcad4e","method":"GET","path":"/.pomerium/sign_in","host":"auth.dev.example.com","ip":"10.136.0.9","user":"","email":"","allow":true,"allow-why-true":["pomerium-route"],"deny":false,"deny-why-false":[],"time":"2024-04-22T14:45:35Z","message":"authorize check"}
{"level":"info","type":"type.googleapis.com/session.Session","id":"d5409c13-204e-46b4-88c9-d6d16f13744a","time":"2024-04-22T14:45:35Z","message":"get"}
{"level":"info","service":"authorize","request-id":"67a93b36-d61c-4230-8712-6190bfe79a7e","check-request-id":"67a93b36-d61c-4230-8712-6190bfe79a7e","method":"GET","path":"/.pomerium/callback/","host":"nginx-pomerium.dev.example.com","ip":"10.136.0.8","user":"","email":"","allow":true,"allow-why-true":["pomerium-route"],"deny":false,"deny-why-false":[],"time":"2024-04-22T14:45:35Z","message":"authorize check"}
{"level":"info","service":"authorize","request-id":"ac0b9f68-aebf-47c7-8d7a-835fdc904b60","check-request-id":"ac0b9f68-aebf-47c7-8d7a-835fdc904b60","method":"GET","path":"/","host":"nginx-pomerium.dev.example.com","ip":"10.136.0.13","user":"","email":"","allow":false,"allow-why-false":["user-unauthenticated"],"deny":false,"deny-why-false":[],"time":"2024-04-22T14:45:35Z","message":"authorize check"}
{"level":"info","service":"envoy","upstream-cluster":"","method":"GET","authority":"nginx-pomerium.dev.example.com","path":"/","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36","referer":"","forwarded-for":"88.17.253.147:51272,10.136.0.8","request-id":"71f368de-2d2b-4bdf-ab29-a845e31e2daf","duration":5.048933,"size":1486,"response-code":302,"response-code-details":"ext_authz_denied","time":"2024-04-22T14:45:36Z","message":"http-request"}
{"level":"info","service":"envoy","upstream-cluster":"pomerium-control-plane-http","method":"GET","authority":"nginx-pomerium.dev.example.com","path":"/.pomerium/callback/","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36","referer":"","forwarded-for":"88.17.253.147:51272,10.136.0.8","request-id":"741774ba-27f8-4578-98da-a9e210fddfb3","duration":3.310556,"size":88,"response-code":302,"response-code-details":"via_upstream","time":"2024-04-22T14:45:36Z","message":"http-request"}
{"level":"info","service":"envoy","upstream-cluster":"pomerium-control-plane-http","method":"GET","authority":"auth.dev.example.com","path":"/.pomerium/sign_in","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36","referer":"","forwarded-for":"88.17.253.147:51274,10.136.0.8","request-id":"ae845e2a-7a63-4836-a5a6-87878bb8e232","duration":4.43234,"size":1022,"response-code":302,"response-code-details":"via_upstream","time":"2024-04-22T14:45:36Z","message":"http-request"}
{"level":"info","service":"envoy","upstream-cluster":"","method":"GET","authority":"nginx-pomerium.dev.example.com","path":"/","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36","referer":"","forwarded-for":"88.17.253.147:51272,10.136.0.8","request-id":"3b72ba9c-788e-4503-89c3-3d91b97bcbdc","duration":2.533066,"size":1486,"response-code":302,"response-code-details":"ext_authz_denied","time":"2024-04-22T14:45:36Z","message":"http-request"}
{"level":"info","service":"envoy","upstream-cluster":"pomerium-control-plane-http","method":"GET","authority":"nginx-pomerium.dev.example.com","path":"/.pomerium/callback/","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36","referer":"","forwarded-for":"88.17.253.147:51272,10.136.0.8","request-id":"67a93b36-d61c-4230-8712-6190bfe79a7e","duration":3.01216,"size":88,"response-code":302,"response-code-details":"via_upstream","time":"2024-04-22T14:45:36Z","message":"http-request"}
{"level":"info","service":"authorize","request-id":"db6a17e2-dd9f-4d63-a4a9-0a14f2eb912a","check-request-id":"db6a17e2-dd9f-4d63-a4a9-0a14f2eb912a","method":"GET","path":"/.pomerium/sign_in","host":"auth.dev.example.com","ip":"10.136.0.8","user":"","email":"","allow":true,"allow-why-true":["pomerium-route"],"deny":false,"deny-why-false":[],"time":"2024-04-22T14:45:36Z","message":"authorize check"}
{"level":"info","type":"type.googleapis.com/session.Session","id":"d5409c13-204e-46b4-88c9-d6d16f13744a","time":"2024-04-22T14:45:36Z","message":"get"}
{"level":"info","service":"authorize","request-id":"64dc67a1-593f-4f7a-9ddf-ac5c8ee1267e","check-request-id":"64dc67a1-593f-4f7a-9ddf-ac5c8ee1267e","method":"GET","path":"/.pomerium/callback/","host":"nginx-pomerium.dev.example.com","ip":"10.136.0.9","user":"","email":"","allow":true,"allow-why-true":["pomerium-route"],"deny":false,"deny-why-false":[],"time":"2024-04-22T14:45:36Z","message":"authorize check"}
{"level":"info","service":"authorize","request-id":"f470e984-4f6f-4045-8740-09ba8a315f5f","check-request-id":"f470e984-4f6f-4045-8740-09ba8a315f5f","method":"GET","path":"/","host":"nginx-pomerium.dev.example.com","ip":"10.136.0.8","user":"","email":"","allow":false,"allow-why-false":["user-unauthenticated"],"deny":false,"deny-why-false":[],"time":"2024-04-22T14:45:36Z","message":"authorize check"}
{"level":"info","service":"authorize","request-id":"f294dee8-8041-41a9-b414-fc7087f1907a","check-request-id":"f294dee8-8041-41a9-b414-fc7087f1907a","method":"GET","path":"/.pomerium/sign_in","host":"auth.dev.example.com","ip":"10.136.0.13","user":"","email":"","allow":true,"allow-why-true":["pomerium-route"],"deny":false,"deny-why-false":[],"time":"2024-04-22T14:45:36Z","message":"authorize check"}
{"level":"info","type":"type.googleapis.com/session.Session","id":"d5409c13-204e-46b4-88c9-d6d16f13744a","time":"2024-04-22T14:45:36Z","message":"get"}
{"level":"info","service":"envoy","upstream-cluster":"pomerium-control-plane-http","method":"GET","authority":"auth.dev.example.com","path":"/.pomerium/sign_in","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36","referer":"","forwarded-for":"88.17.253.147:51274,10.136.0.13","request-id":"e6d509e7-0cfa-4b32-9b41-5ca5e63eda7d","duration":4.440141,"size":1022,"response-code":302,"response-code-details":"via_upstream","time":"2024-04-22T14:45:36Z","message":"http-request"}
{"level":"info","service":"envoy","upstream-cluster":"pomerium-control-plane-http","method":"GET","authority":"auth.dev.example.com","path":"/.pomerium/sign_in","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36","referer":"","forwarded-for":"88.17.253.147:51274,10.136.0.13","request-id":"f294dee8-8041-41a9-b414-fc7087f1907a","duration":10.756256,"size":1023,"response-code":302,"response-code-details":"via_upstream","time":"2024-04-22T14:45:36Z","message":"http-request"}
{"level":"info","service":"envoy","upstream-cluster":"pomerium-control-plane-http","method":"GET","authority":"auth.dev.example.com","path":"/.pomerium/sign_in","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36","referer":"","forwarded-for":"88.17.253.147:51274,10.136.0.9","request-id":"668ab027-3481-448f-bfaa-f5cee3fcad4e","duration":4.766236,"size":1023,"response-code":302,"response-code-details":"via_upstream","time":"2024-04-22T14:45:36Z","message":"http-request"}
{"level":"info","service":"envoy","upstream-cluster":"pomerium-control-plane-http","method":"GET","authority":"nginx-pomerium.dev.example.com","path":"/.pomerium/callback/","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36","referer":"","forwarded-for":"88.17.253.147:51272,10.136.0.9","request-id":"8561b80f-a23c-4d1d-b8d3-0bacba6c3d56","duration":3.319056,"size":88,"response-code":302,"response-code-details":"via_upstream","time":"2024-04-22T14:45:36Z","message":"http-request"}
{"level":"info","service":"envoy","upstream-cluster":"pomerium-control-plane-http","method":"GET","authority":"nginx-pomerium.dev.example.com","path":"/.pomerium/callback/","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36","referer":"","forwarded-for":"88.17.253.147:51272,10.136.0.13","request-id":"b6d18dec-53f3-4ab8-81b0-383606b6db45","duration":2.95936,"size":88,"response-code":302,"response-code-details":"via_upstream","time":"2024-04-22T14:45:36Z","message":"http-request"}
{"level":"info","service":"envoy","upstream-cluster":"","method":"GET","authority":"nginx-pomerium.dev.example.com","path":"/","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36","referer":"","forwarded-for":"88.17.253.147:51272,10.136.0.9","request-id":"7f116cac-943f-4f4e-950c-2919224c70d6","duration":2.628065,"size":1486,"response-code":302,"response-code-details":"ext_authz_denied","time":"2024-04-22T14:45:36Z","message":"http-request"}
{"level":"info","service":"envoy","upstream-cluster":"","method":"GET","authority":"nginx-pomerium.dev.example.com","path":"/","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36","referer":"","forwarded-for":"88.17.253.147:51272,10.136.0.13","request-id":"ac0b9f68-aebf-47c7-8d7a-835fdc904b60","duration":2.584866,"size":1486,"response-code":302,"response-code-details":"ext_authz_denied","time":"2024-04-22T14:45:36Z","message":"http-request"}
{"level":"info","service":"envoy","upstream-cluster":"pomerium-control-plane-http","method":"GET","authority":"nginx-pomerium.dev.example.com","path":"/.pomerium/callback/","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36","referer":"","forwarded-for":"88.17.253.147:51272,10.136.0.9","request-id":"64dc67a1-593f-4f7a-9ddf-ac5c8ee1267e","duration":3.01116,"size":88,"response-code":302,"response-code-details":"via_upstream","time":"2024-04-22T14:45:36Z","message":"http-request"}
{"level":"info","service":"envoy","upstream-cluster":"pomerium-control-plane-http","method":"GET","authority":"auth.dev.example.com","path":"/.pomerium/sign_in","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36","referer":"","forwarded-for":"88.17.253.147:51274,10.136.0.8","request-id":"db6a17e2-dd9f-4d63-a4a9-0a14f2eb912a","duration":13.42572,"size":1024,"response-code":302,"response-code-details":"via_upstream","time":"2024-04-22T14:45:37Z","message":"http-request"}
{"level":"info","service":"envoy","upstream-cluster":"","method":"GET","authority":"nginx-pomerium.dev.example.com","path":"/","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36","referer":"","forwarded-for":"88.17.253.147:51272,10.136.0.8","request-id":"f470e984-4f6f-4045-8740-09ba8a315f5f","duration":2.527666,"size":1486,"response-code":302,"response-code-details":"ext_authz_denied","time":"2024-04-22T14:45:37Z","message":"http-request"}