docs: changelog++ v0.0.3 (#76)

CHANGELOG.md

@@ -1,6 +1,6 @@
 # Pomerium Changelog
 
-## vUNRELEASED
+## v0.0.3
 
 **FEATURES:**
 
@@ -15,8 +15,8 @@
 - **WebSocket Support** : With [Go 1.12](https://golang.org/doc/go1.12#net/http/httputil) pomerium automatically proxies WebSocket requests.
 
 **CHANGED**:
-- Add `LOG_LEVEL` config setting that allows for setting the desired minimum log level for an event to be logged. 
+- Add `LOG_LEVEL` config setting that allows for setting the desired minimum log level for an event to be logged. [GH-74] 
-- Changed `POMERIUM_DEBUG` config setting to just do console-pretty printing. No longer sets log level.
+- Changed `POMERIUM_DEBUG` config setting to just do console-pretty printing. No longer sets log level. [GH-74]
 - Updated `generate_wildcard_cert.sh` to generate a elliptic curve 256 cert by default.
 - Updated `env.example` to include a `POLICY` setting example.
 - Added `IDP_SERVICE_ACCOUNT` to `env.example` .

docs/docs/examples.md

@@ -30,7 +30,7 @@ Customize for your identity provider and run `source ./env && ./bin/pomerium`
 
 Uses the [latest pomerium build](https://hub.docker.com/r/pomerium/pomerium) from docker hub. Docker and docker-compose are great tools for standing up and testing multiple service, and containers without having to stand-up a full on cluster.
 
-### Basic
+#### Basic
 
 - Minimal container-based configuration.
 - Docker and Docker-Compose based.
@@ -43,7 +43,7 @@ Customize for your identity provider run `docker-compose up -f basic.docker-comp
 
 <<< @/docs/docs/examples/docker/basic.docker-compose.yml
 
-### NGINX micro-services
+#### NGINX micro-services
 
 - Docker and Docker-Compose based.
 - Uses pre-configured built-in nginx load balancer
@@ -56,20 +56,25 @@ Customize for your identity provider run `docker-compose up -f nginx.docker-comp
 
 <<< @/docs/docs/examples/docker/nginx.docker-compose.yml
 
-## Kubernetes
+## Helm
 
-### Google Kubernetes Engine
+- Uses Google Kubernetes Engine's built-in ingress to do [HTTPS load balancing]
-
-- Uses GKE's built-in ingress to do [HTTPS load balancing]
 - HTTPS (TLS) between client, load balancer, and services
 - Routes default to hosted version of httpbin.org
 - Includes all-in-one script
 
-#### Auto-magically with helm
+#### helm_gke.sh
 
 <<< @/scripts/helm_gke.sh
 
-#### Manually with kubernetes
+## Kubernetes
+
+- Uses Google Kubernetes Engine's built-in ingress to do [HTTPS load balancing]
+- HTTPS (TLS) between client, load balancer, and services
+- Routes default to hosted version of httpbin.org
+- Includes all-in-one script
+
+#### kubernetes_gke
 
 <<< @/scripts/kubernetes_gke.sh
 

docs/guide/helm.md

@@ -1,14 +1,6 @@
 # Helm
 
-This quickstart will show you how to deploy Pomerium with Helm. For the purpose of this guide, we will be using Google's Kubernetes Engine. However, there are many other ways to work with Kubernetes:
+This quickstart will show you how to deploy Pomerium with Kubernetes. Though there are [countless ways](https://kubernetes.io/docs/setup/pick-right-solution/) to work with Kubernetes, for the purpose of this guide, we will be using Google's [Kubernetes Engine](https://cloud.google.com/kubernetes-engine/). That said, most of the following steps should be very similar using any other provider with the biggest difference being in the configuration of your ingress. 
-
-- [Google Kubernetes Engine (GKE)](https://cloud.google.com/kubernetes-engine/)
-- [Azure Kubernetes Service](https://azure.microsoft.com/en-us/services/kubernetes-service/)
-- [Amazon Elastic Kubernetes Service (Amazon EKS)](https://aws.amazon.com/eks/)
-- [OpenShift Kubernetes](https://www.openshift.com/learn/topics/kubernetes/)
-- Or locally, with [minikube](https://kubernetes.io/docs/setup/minikube/)
-
-Most of the following steps should be very similar using any other provider, but may require additional tweaks. 
 
 
 ## Prerequisites
@@ -29,7 +21,7 @@ git clone https://github.com/pomerium/pomerium.git $HOME/pomerium
 
 ## Configure
 
-Edit the the install command in the [helm_gke.sh script ][./scripts/helm_gke.sh] to match your [identity provider] settings.
+Edit the the install command in the [helm_gke.sh script ][./scripts/helm_gke.sh] to match your [identity provider] and access policy settings.
 
 
 Generate a wild-card TLS certificate. If you don't have one handy, the included [script] generates one from [LetsEncrypt].

docs/guide/kubernetes.md

@@ -1,15 +1,6 @@
 # Kubernetes
 
-This quickstart will show you how to deploy Pomerium with Kubernetes. For the purpose of this guide, we will be using Google's Kubernetes Engine. However, there are countless ways to work with Kubernetes:
+This quickstart will show you how to deploy Pomerium with Kubernetes. Though there are [countless ways](https://kubernetes.io/docs/setup/pick-right-solution/) to work with Kubernetes, for the purpose of this guide, we will be using Google's [Kubernetes Engine](https://cloud.google.com/kubernetes-engine/). That said, most of the following steps should be very similar using any other provider.
-
-- [Google Kubernetes Engine (GKE)](https://cloud.google.com/kubernetes-engine/)
-- [Azure Kubernetes Service](https://azure.microsoft.com/en-us/services/kubernetes-service/)
-- [Amazon Elastic Kubernetes Service (Amazon EKS)](https://aws.amazon.com/eks/)
-- [OpenShift Kubernetes](https://www.openshift.com/learn/topics/kubernetes/)
-- Or locally, with [minikube](https://kubernetes.io/docs/setup/minikube/)
-
-Most of the following steps should be very similar using any other provider.
-
 
 ## Prerequisites
 
@@ -28,20 +19,10 @@ git clone https://github.com/pomerium/pomerium.git $HOME/pomerium
 
 ## Configure
 
-Edit the the [example kubernetes files][./scripts/kubernetes_gke.sh] to match your [identity provider] settings:
+Edit [./scripts/kubernetes_gke.sh] making sure to change the identity provider secret value to match your [identity provider] settings.
-
-- `./docs/docs/examples/authorize.deploy.yml`
-- `./docs/docs/examples/authorize.service.yml`
-- `./docs/docs/examples/authenticate.deploy.yml`
-- `./docs/docs/examples/authenticate.service.yml`
-- `./docs/docs/examples/proxy.deploy.yml`
-- `./docs/docs/examples/proxy.service.yml`
-- `./docs/docs/examples/ingress.yml`
 
 Place your domain's wild-card TLS certificate (`privkey.pem` and `cert.pem`) in the root of the repository. If you don't have one handy, the included [script] generates one from [LetsEncrypt].
 
-Edit [./scripts/kubernetes_gke.sh] making sure to change the identity provider secret value to match your [identity provider] settings.
-
 ## Run
 
 Run [./scripts/kubernetes_gke.sh] which will:

scripts/helm_gke.sh

@@ -4,7 +4,7 @@
 # NOTE! This will create real resources on Google's cloud. Make sure you clean up any unused
 # resources to avoid being billed. For reference, this tutorial cost me <10 cents for a couple of hours.
 # NOTE! You must change the identity provider client secret setting, and service account setting!
-# NOTE! If using gsuite, you should also set `authenticate.idp.serviceAccount`, see docs for more info !
+# NOTE! If you are using gsuite, you should also set `authenticate.idp.serviceAccount`, see docs !
 
 echo "=> [GCE] creating cluster"
 gcloud container clusters create pomerium
@@ -45,7 +45,6 @@ helm install ./helm/ \
 	--set authenticate.idp.provider="google" \
 	--set authenticate.idp.clientID="REPLACE_ME" \
 	--set authenticate.idp.clientSecret="REPLACE_ME" \
-	--set authenticate.idp.serviceAccount="REPLACE_ME" \
 	--set-string ingress.annotations."kubernetes\.io/ingress\.allow-http"=false \
 	--set ingress.annotations."cloud\.google\.com/app-protocols"=\"{\"https\":\"HTTPS\"}\"