docs: Update examples (#796)

2025-05-12 00:27:35 +02:00 · 2020-05-28 10:29:10 -04:00 · 2020-05-28 10:29:10 -04:00 · 14432daf26
commit 14432daf26
parent c77b2c6876
10 changed files with 38 additions and 99 deletions
--- a/docs/configuration/examples.md
+++ b/docs/configuration/examples.md
@ -80,6 +80,8 @@ Customize for your identity provider run `docker-compose up -f nginx.docker-comp
 - gRPC requests are routed behind the load balancer
 - Routes default to hosted version of httpbin.org
 - Includes installer script
 - Pomerium serves on HTTPS and your ingress controller may need an annotation to
  connect properly
 ### GKE
@ -87,12 +89,6 @@ Customize for your identity provider run `docker-compose up -f nginx.docker-comp
 <<< @/docs/configuration/examples/helm/helm_gke.sh
 ### AWS ECS
 - Uses Amazon Elastic Container Service
 <<< @/docs/configuration/examples/helm/helm_aws.sh
 ### Kubernetes
 - Uses Google Kubernetes Engine's built-in ingress to do [HTTPS load balancing]
@ -121,6 +117,11 @@ Customize for your identity provider run `docker-compose up -f nginx.docker-comp
 <<< @/docs/configuration/examples/kubernetes/pomerium-proxy.yml
 #### pomerium-cache.yml
 <<< @/docs/configuration/examples/kubernetes/pomerium-cache.yml
 #### ingress.yml
 <<< @/docs/configuration/examples/kubernetes/ingress.yml
--- a/docs/configuration/examples/helm/helm_aws.sh
+++ b/docs/configuration/examples/helm/helm_aws.sh
@ -1,64 +0,0 @@
 #!/bin/bash
 # PRE-REQ:
 # 1) Install Helm : You should verify the content of this script before running.
 # curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get | bash
 # 2) Install https://eksctl.io/
 # For more information see: 
 #  - https://eksworkshop.com/helm_root/helm_intro/install/
 echo "=> [AWS] creating cluster"
 eksctl create cluster --name=pomerium --nodes=1 --region=us-west-2
 echo "=> [AWS] get cluster credentials so we can use kubctl locally"
 eksctl utils write-kubeconfig --name=pomerium
 echo "=> [AWS] configure Helm access with RBAC"
 cat <<EOF >.helm-rbac.yaml
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: tiller
  namespace: kube-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding
 metadata:
  name: tiller
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
 subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system
 EOF
 kubectl apply -f .helm-rbac.yaml
 # cleanup
 rm .helm-rbac.yaml
 echo "=> initialize Helm to install Tiller in your cluster"
 helm init --service-account=tiller
 helm repo update
 echo "=> install pomerium with helm substituting configuration values as required; be sure to change these"
 helm install $HOME/charts/stable/pomerium/ \
 	--name pomerium \
 	--set config.sharedSecret=$(head -c32 /dev/urandom | base64) \
 	--set config.cookieSecret=$(head -c32 /dev/urandom | base64) \
 	--set config.cert=$(base64 -i cert.pem) \
 	--set config.key=$(base64 -i privkey.pem) \
 	--set config.policy="$(cat policy.example.yaml | base64)" \
 	--set authenticate.idp.provider="google" \
 	--set authenticate.proxyRootDomains="pomerium.io" \
 	--set authenticate.redirectUrl="https://auth.corp.pomerium.io/oauth2/callback" \
 	--set authenticate.idp.clientID="REPLACE_ME" \
 	--set authenticate.idp.clientSecret="REPLACE_ME" \
 	--set proxy.authenticateServiceUrl="https://auth.corp.pomerium.io" \
 	--set proxy.authorizeServiceUrl="https://access.corp.pomerium.io"
 # When done, clean up by deleting the cluster!
 #
 # helm del $(helm ls --all --short) --purge #!!! DELETES ALL YOUR HELM INSTANCES!
--- a/docs/configuration/examples/helm/helm_gke.sh
+++ b/docs/configuration/examples/helm/helm_gke.sh
@ -15,15 +15,15 @@ gcloud container clusters get-credentials pomerium --region us-west2
 echo "=> add pomerium's helm repo"
 helm repo add pomerium https://helm.pomerium.io
 echo "=> update helm"
 helm repo update
 echo "=> add bitnami's helm repo"
 helm repo add bitnami https://charts.bitnami.com/bitnami
 echo "=> install nginx as a sample hello world app"
 helm upgrade --install nginx bitnami/nginx --set service.type=ClusterIP
 echo "=> update helm"
 helm repo update
 echo "=> install pomerium with helm"
 helm install \
 	pomerium \
--- a/docs/configuration/examples/kubernetes/ingress.yml
+++ b/docs/configuration/examples/kubernetes/ingress.yml
@ -20,11 +20,11 @@ spec:
          - paths:
            backend:
              serviceName: pomerium-proxy-service
-              servicePort: https
+              servicePort: http
    - host: "authenticate.corp.beyondperimeter.com"
      http:
        paths:
          - paths:
            backend:
              serviceName: pomerium-authenticate-service
-              servicePort: https
+              servicePort: http
--- a/docs/configuration/examples/kubernetes/kubernetes-config.yaml
+++ b/docs/configuration/examples/kubernetes/kubernetes-config.yaml
@ -1,10 +1,12 @@
 # Main configuration flags : https://www.pomerium.io/docs/reference/reference/
 insecure_server: true
 grpc_insecure: true
 address: ":80"
 grpc_address: ":80"
 authenticate_service_url: https://authenticate.corp.beyondperimeter.com
-authorize_service_url: https://pomerium-authorize-service.default.svc.cluster.local
+authorize_service_url: http://pomerium-authorize-service.default.svc.cluster.local
-cache_service_url: https://pomerium-cache-service.default.svc.cluster.local
+cache_service_url: http://pomerium-cache-service.default.svc.cluster.local
 override_certificate_name: "*.corp.beyondperimeter.com"
--- a/docs/configuration/examples/kubernetes/pomerium-authenticate.yml
+++ b/docs/configuration/examples/kubernetes/pomerium-authenticate.yml
@ -4,8 +4,8 @@ metadata:
  name: pomerium-authenticate-service
 spec:
  ports:
-    - port: 443
+    - port: 80
-      name: https
+      name: http
  selector:
    app: pomerium-authenticate
  type: NodePort
@ -32,8 +32,8 @@ spec:
          args:
            - --config=/etc/pomerium/config.yaml
          ports:
-            - containerPort: 443
+            - containerPort: 80
-              name: https
+              name: http
              protocol: TCP
          env:
            - name: SERVICES
@ -51,12 +51,12 @@ spec:
          readinessProbe:
            httpGet:
              path: /ping
-              port: 443
+              port: 80
              scheme: HTTP
          livenessProbe:
            httpGet:
              path: /ping
-              port: 443
+              port: 80
              scheme: HTTP
            initialDelaySeconds: 5
            timeoutSeconds: 1
--- a/docs/configuration/examples/kubernetes/pomerium-authorize.yml
+++ b/docs/configuration/examples/kubernetes/pomerium-authorize.yml
@ -4,7 +4,7 @@ metadata:
  name: pomerium-authorize-service
 spec:
  ports:
-    - port: 443
+    - port: 80
      name: grpc
  selector:
    app: pomerium-authorize
@ -32,7 +32,7 @@ spec:
          args:
            - --config=/etc/pomerium/config.yaml
          ports:
-            - containerPort: 443
+            - containerPort: 80
              name: grpc
              protocol: TCP
          env:
@ -45,12 +45,12 @@ spec:
                  key: shared-secret
          readinessProbe:
            tcpSocket:
-              port: 443
+              port: 80
            initialDelaySeconds: 5
            periodSeconds: 10
          livenessProbe:
            tcpSocket:
-              port: 443
+              port: 80
            initialDelaySeconds: 15
            periodSeconds: 20
--- a/docs/configuration/examples/kubernetes/pomerium-cache.yml
+++ b/docs/configuration/examples/kubernetes/pomerium-cache.yml
@ -5,7 +5,7 @@ metadata:
 spec:
  clusterIP: None # cache is a headless service!
  ports:
-    - port: 443
+    - port: 80
      name: grpc
  selector:
    app: pomerium-cache
@ -33,7 +33,7 @@ spec:
          args:
            - --config=/etc/pomerium/config.yaml
          ports:
-            - containerPort: 443
+            - containerPort: 80
              name: grpc
              protocol: TCP
          env:
@ -46,12 +46,12 @@ spec:
                  key: shared-secret
          readinessProbe:
            tcpSocket:
-              port: 443
+              port: 80
            initialDelaySeconds: 5
            periodSeconds: 10
          livenessProbe:
            tcpSocket:
-              port: 443
+              port: 80
            initialDelaySeconds: 15
            periodSeconds: 20
--- a/docs/configuration/examples/kubernetes/pomerium-proxy.yml
+++ b/docs/configuration/examples/kubernetes/pomerium-proxy.yml
@ -4,10 +4,10 @@ metadata:
  name: pomerium-proxy-service
 spec:
  ports:
-    - port: 443
+    - port: 80
      protocol: TCP
-      name: https
+      name: http
-      targetPort: https
+      targetPort: http
  selector:
    app: pomerium-proxy
  type: NodePort
@ -34,8 +34,8 @@ spec:
          args:
            - --config=/etc/pomerium/config.yaml
          ports:
-            - containerPort: 443
+            - containerPort: 80
-              name: https
+              name: http
              protocol: TCP
          env:
            - name: SERVICES
@ -53,12 +53,12 @@ spec:
          readinessProbe:
            httpGet:
              path: /ping
-              port: 443
+              port: 80
              scheme: HTTP
          livenessProbe:
            httpGet:
              path: /ping
-              port: 443
+              port: 80
              scheme: HTTP
            initialDelaySeconds: 10
            timeoutSeconds: 1
--- a/docs/configuration/examples/kubernetes/values.yaml
+++ b/docs/configuration/examples/kubernetes/values.yaml
@ -25,4 +25,4 @@ config:
 ingress:
  annotations:
-    kubernetes.io/ingress.allow-http: false
+    kubernetes.io/ingress.allow-http: "false"