authenticate: support kubernetes (#62)

- cmd/pomerium: made ping a toplevel route for all services.
- docs: updated the Kubernetes script and the corresponding configuration YAML files
Bobby DeSimone 2019-03-12 15:31:17 -07:00 committed by GitHub
parent c13459bb88
commit 0a501b61ed
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 115 additions and 202 deletions


@ -35,8 +35,6 @@ spec:
value: 851877082059-bfgkpj09noog7as3gpc3t7r6n9sjbgs6.apps.googleusercontent.com
- name: PROXY_ROOT_DOMAIN
value: beyondperimeter.com
- name: ALLOWED_DOMAINS
value: "*"
- name: SHARED_SECRET
valueFrom:
secretKeyRef:
@ -52,6 +50,11 @@ spec:
secretKeyRef:
name: idp-client-secret
key: idp-client-secret
- name: IDP_SERVICE_ACCOUNT
valueFrom:
secretKeyRef:
name: idp-service-account
key: idp-service-account
- name: CERTIFICATE
valueFrom:
secretKeyRef:
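Review bot: The `IDP_SERVICE_ACCOUNT` entry added in the second hunk has no comment saying what the secret holds, while the identical entry added later in this commit (the hunk headed `@ -50,6 +50,12 @@`) carries `# e.g. service account for group retrieval, e.g. gsuite`; add the same comment here so both manifests read alike. The first hunk drops two of the `PROXY_ROOT_DOMAIN`/`ALLOWED_DOMAINS` lines, but the rendered view does not show which pair; if `ALLOWED_DOMAINS: "*"` is the one that survives, a comment stating that the wildcard is intentional (presumably because the access rules now come from `POLICY`) would stop a later reader from reading it as an oversight. Which file this section belongs to is not shown on the page.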


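--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: pomerium-authorize
+labels:
+app: pomerium-authorize
+namespace: pomerium
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: pomerium-authorize
+template:
+metadata:
+labels:
+app: pomerium-authorize
+spec:
+containers:
+- image: pomerium/pomerium:latest
+name: pomerium-authorize
+ports:
+- containerPort: 443
+name: https
+protocol: TCP
+env:
+- name: POLICY
+valueFrom:
+configMapKeyRef:
+name: policy
+key: policy
+- name: SERVICES
+value: authorize
+- name: SHARED_SECRET
+valueFrom:
+secretKeyRef:
+name: shared-secret
+key: shared-secret
+- name: CERTIFICATE
+valueFrom:
+secretKeyRef:
+name: certificate
+key: certificate
+- name: CERTIFICATE_KEY
+valueFrom:
+secretKeyRef:
+name: certificate-key
+key: certificate-key
+readinessProbe:
+httpGet:
+path: /ping
+port: 443
+scheme: HTTPS
+livenessProbe:
+httpGet:
+path: /ping
+port: 443
+scheme: HTTPS
+initialDelaySeconds: 10
+timeoutSeconds: 1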
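Review bot: `image: pomerium/pomerium:latest` at the top of the container spec is an unpinned tag, so every pod restart may pull a different build of the authorization service and a rollback has no fixed target; pin it to a release tag, `image: pomerium/pomerium:<release-tag>` (or an `@sha256:` digest), matching whatever the other deployments in this commit use. The container also declares no `securityContext` and no `resources` stanza, so it runs as the image's default user without CPU or memory limits; for a pod holding the shared secret and the TLS private key, `runAsNonRoot: true` and `readOnlyRootFilesystem: true` plus resource limits are the usual baseline, assuming the image tolerates them. The readiness probe has no `timeoutSeconds`, unlike the liveness probe directly below it, so it falls back to the Kubernetes default.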


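--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: pomerium-authorize-service
+namespace: pomerium
+annotations:
+cloud.google.com/app-protocols: '{"https":"HTTPS"}'
+spec:
+ports:
+- port: 443
+name: https
+selector:
+app: pomerium-authorize
+type: NodePort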
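Review bot: `type: NodePort` on the last line exposes the authorize service on a port of every node's IP, which is wider than an in-cluster consumer needs; if the authorize service is called only by the proxy from inside the cluster, `type: ClusterIP` (the default, so the line can simply be dropped) keeps it off the node network. If NodePort is required because the service sits behind the GKE ingress — the `cloud.google.com/app-protocols` annotation suggests that — a NetworkPolicy limiting ingress to the proxy pods would narrow the exposure instead. The single port entry sets only `port: 443`, so `targetPort` defaults to 443, which matches the `containerPort: 443` declared in the authorize Deployment added by this commit; a comment noting that dependency would help whoever changes one without the other.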


@ -23,7 +23,6 @@ spec:
backend:
serviceName: pomerium-proxy-service
servicePort: https
- host: "auth.corp.beyondperimeter.com"
http:
paths:


@ -50,6 +50,12 @@ spec:
secretKeyRef:
name: idp-client-secret
key: idp-client-secret
# e.g. service account for group retrieval, e.g. gsuite
- name: IDP_SERVICE_ACCOUNT
valueFrom:
secretKeyRef:
name: idp-service-account
key: idp-service-account
- name: CERTIFICATE
valueFrom:
secretKeyRef:
@ -60,6 +66,11 @@ spec:
secretKeyRef:
name: certificate-key
key: certificate-key
- name: POLICY
valueFrom:
configMapKeyRef:
name: policy
key: policy
readinessProbe:
httpGet:
path: /ping
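Review bot: The comment added in the first hunk, `# e.g. service account for group retrieval, e.g. gsuite`, uses "e.g." twice and does not say what the secret value is; `# credentials of the IdP service account used for group retrieval (e.g. G Suite)` reads more clearly. The `POLICY` entry added in the second hunk has no comment at all, though it presumably replaces the per-domain allow list; a one-liner such as `# authorization policy, loaded from the policy ConfigMap` would help. Neither hunk shows where the `policy` ConfigMap or the `idp-service-account` Secret is created; the commit message says the Kubernetes script was updated, presumably to do that, and the second hunk's readiness probe continues past the end of this view.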