authenticate: support kubernetes (#62)
- cmd/pomerium: made ping a top-level route for all services. - docs: updated the kubernetes script and the corresponding configuration YAML files
This commit is contained in:
parent
c13459bb88
commit
0a501b61ed
11 changed files with 115 additions and 202 deletions
|
@ -35,8 +35,6 @@ spec:
|
|||
value: 851877082059-bfgkpj09noog7as3gpc3t7r6n9sjbgs6.apps.googleusercontent.com
|
||||
- name: PROXY_ROOT_DOMAIN
|
||||
value: beyondperimeter.com
|
||||
- name: ALLOWED_DOMAINS
|
||||
value: "*"
|
||||
- name: SHARED_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
|
@ -52,6 +50,11 @@ spec:
|
|||
secretKeyRef:
|
||||
name: idp-client-secret
|
||||
key: idp-client-secret
|
||||
- name: IDP_SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: idp-service-account
|
||||
key: idp-service-account
|
||||
- name: CERTIFICATE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
|
|
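--- a/docs/docs/examples/kubernetes/authorize.deploy.yml
+++ b/docs/docs/examples/kubernetes/authorize.deploy.yml
@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pomerium-authorize
+  labels:
+    app: pomerium-authorize
+  namespace: pomerium
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: pomerium-authorize
+  template:
+    metadata:
+      labels:
+        app: pomerium-authorize
+    spec:
+      containers:
+        - image: pomerium/pomerium:latest
+          name: pomerium-authorize
+          ports:
+            - containerPort: 443
+              name: https
+              protocol: TCP
+          env:
+            - name: POLICY
+              valueFrom:
+                configMapKeyRef:
+                  name: policy
+                  key: policy
+            - name: SERVICES
+              value: authorize
+            - name: SHARED_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: shared-secret
+                  key: shared-secret
+            - name: CERTIFICATE
+              valueFrom:
+                secretKeyRef:
+                  name: certificate
+                  key: certificate
+            - name: CERTIFICATE_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: certificate-key
+                  key: certificate-key
+          readinessProbe:
+            httpGet:
+              path: /ping
+              port: 443
+              scheme: HTTPS
+          livenessProbe:
+            httpGet:
+              path: /ping
+              port: 443
+              scheme: HTTPS
+            initialDelaySeconds: 10
+            timeoutSeconds: 1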
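Review bot: The authorize Deployment pulls `image: pomerium/pomerium:latest`, a mutable tag, so the code making access decisions can change on any pod restart or node pull without a change to this manifest, and a rollback cannot reproduce what was running. For a policy-enforcing component the image should be pinned, e.g. `image: pomerium/pomerium:<release-tag>` or an `@sha256:<digest>` reference, with a comment stating that the tag is pinned on purpose. The example also sets no `resources` limits or `securityContext` for the container; that is acceptable for a docs example, but a one-line comment such as `# example only: add resources and a securityContext before using in production` would keep readers from copying it as-is. Separately, the liveness probe uses `timeoutSeconds: 1` for a TLS request to `/ping`; if the handshake is slow under load that may cause restarts, so consider a slightly larger timeout.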
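--- a/docs/docs/examples/kubernetes/authorize.service.yml
+++ b/docs/docs/examples/kubernetes/authorize.service.yml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: pomerium-authorize-service
+  namespace: pomerium
+  annotations:
+    cloud.google.com/app-protocols: '{"https":"HTTPS"}'
+spec:
+  ports:
+    - port: 443
+      name: https
+  selector:
+    app: pomerium-authorize
+  type: NodePort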
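Review bot: `type: NodePort` on the authorize Service allocates a port on every node, which exposes the authorize endpoint to anything that can reach the node network rather than only to the proxy inside the cluster. The `cloud.google.com/app-protocols` annotation suggests this Service is meant to sit behind a GCE ingress, which does require NodePort, but nothing in the manifest records that, and a reader adapting it for another cluster would keep the wider exposure unnecessarily. Suggest a comment on the `type` line, e.g. `# NodePort is needed only when this Service is a GCE ingress backend; use ClusterIP if authorize is reached solely from the proxy in-cluster`.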
|
@ -23,7 +23,6 @@ spec:
|
|||
backend:
|
||||
serviceName: pomerium-proxy-service
|
||||
servicePort: https
|
||||
|
||||
- host: "auth.corp.beyondperimeter.com"
|
||||
http:
|
||||
paths:
|
||||
|
|
|
@ -50,6 +50,12 @@ spec:
|
|||
secretKeyRef:
|
||||
name: idp-client-secret
|
||||
key: idp-client-secret
|
||||
# e.g. service account for group retrieval, e.g. gsuite
|
||||
- name: IDP_SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: idp-service-account
|
||||
key: idp-service-account
|
||||
- name: CERTIFICATE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
|
@ -60,6 +66,11 @@ spec:
|
|||
secretKeyRef:
|
||||
name: certificate-key
|
||||
key: certificate-key
|
||||
- name: POLICY
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: policy
|
||||
key: policy
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /ping
|
||||
|
|
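Review bot: The comment added in the `@ -50,6 +50,12 @@` hunk, `# e.g. service account for group retrieval, e.g. gsuite`, repeats "e.g." and does not say that the value is optional, which is the thing a reader needs to know before creating the `idp-service-account` Secret; suggest `# optional: identity-provider service account used for group retrieval (e.g. gsuite)`. The same `IDP_SERVICE_ACCOUNT` entry is added without any comment in the earlier `@ -52,6 +50,11 @@` hunk of this commit, so the two example manifests now document the same variable differently; the comment should appear in both places or neither. Both hunks are excerpts of a larger `env:` list whose enclosing container spec starts and ends outside the hunk.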