mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-10 07:37:33 +02:00
docs: fixes to v0.8.0 docs (#696)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
This commit is contained in:
Bobby DeSimone
GitHub
parent
80166bcc40
commit
1cba3d50eb
11 changed files with 103 additions and 14 deletions
64
docs/configuration/examples/helm/helm_aws.sh
Normal file
64
docs/configuration/examples/helm/helm_aws.sh
Normal file
|
|
@ -0,0 +1,64 @@
|
|||
#!/bin/bash
|
||||
# PRE-REQ:
|
||||
# 1) Install Helm : You should verify the content of this script before running.
|
||||
# curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get | bash
|
||||
# 2) Install https://eksctl.io/
|
||||
# For more information see:
|
||||
# - https://eksworkshop.com/helm_root/helm_intro/install/
|
||||
|
||||
echo "=> [AWS] creating cluster"
|
||||
eksctl create cluster --name=pomerium --nodes=1 --region=us-west-2
|
||||
|
||||
echo "=> [AWS] get cluster credentials so we can use kubctl locally"
|
||||
eksctl utils write-kubeconfig --name=pomerium
|
||||
|
||||
echo "=> [AWS] configure Helm access with RBAC"
|
||||
cat <<EOF >.helm-rbac.yaml
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: tiller
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: tiller
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: tiller
|
||||
namespace: kube-system
|
||||
EOF
|
||||
|
||||
kubectl apply -f .helm-rbac.yaml
|
||||
# cleanup
|
||||
rm .helm-rbac.yaml
|
||||
|
||||
echo "=> initialize Helm to install Tiller in your cluster"
|
||||
helm init --service-account=tiller
|
||||
helm repo update
|
||||
|
||||
echo "=> install pomerium with helm substituting configuration values as required; be sure to change these"
|
||||
helm install $HOME/charts/stable/pomerium/ \
|
||||
--name pomerium \
|
||||
--set config.sharedSecret=$(head -c32 /dev/urandom | base64) \
|
||||
--set config.cookieSecret=$(head -c32 /dev/urandom | base64) \
|
||||
--set config.cert=$(base64 -i cert.pem) \
|
||||
--set config.key=$(base64 -i privkey.pem) \
|
||||
--set config.policy="$(cat policy.example.yaml | base64)" \
|
||||
--set authenticate.idp.provider="google" \
|
||||
--set authenticate.proxyRootDomains="pomerium.io" \
|
||||
--set authenticate.redirectUrl="https://auth.corp.pomerium.io/oauth2/callback" \
|
||||
--set authenticate.idp.clientID="REPLACE_ME" \
|
||||
--set authenticate.idp.clientSecret="REPLACE_ME" \
|
||||
--set proxy.authenticateServiceUrl="https://auth.corp.pomerium.io" \
|
||||
--set proxy.authorizeServiceUrl="https://access.corp.pomerium.io"
|
||||
|
||||
# When done, clean up by deleting the cluster!
|
||||
#
|
||||
# helm del $(helm ls --all --short) --purge #!!! DELETES ALL YOUR HELM INSTANCES!
|
||||
41
docs/configuration/examples/helm/helm_gke.sh
Executable file
41
docs/configuration/examples/helm/helm_gke.sh
Executable file
|
|
@ -0,0 +1,41 @@
|
|||
#!/bin/bash
|
||||
# PRE-REQ: Install Helm : You should verify the content of this script before running.
|
||||
# curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get | bash
|
||||
# NOTE! This will create real resources on Google's cloud. Make sure you clean up any unused
|
||||
# resources to avoid being billed. For reference, this tutorial cost me <10 cents for a couple of hours.
|
||||
# NOTE! You must change the identity provider client secret setting, and service account setting!
|
||||
# NOTE! If you are using gsuite, you should also set `authenticate.idp.serviceAccount`, see docs !
|
||||
|
||||
echo "=> [GCE] creating cluster"
|
||||
gcloud container clusters create pomerium --region us-west2 --num-nodes 1
|
||||
|
||||
echo "=> [GCE] get cluster credentials so we can use kubctl locally"
|
||||
gcloud container clusters get-credentials pomerium --region us-west2
|
||||
|
||||
echo "=> add pomerium's helm repo"
|
||||
helm repo add pomerium https://helm.pomerium.io
|
||||
|
||||
echo "=> add bitnami's helm repo"
|
||||
helm repo add bitnami https://charts.bitnami.com/bitnami
|
||||
|
||||
echo "=> install nginx as a sample hello world app"
|
||||
helm upgrade --install nginx bitnami/nginx --set service.type=ClusterIP
|
||||
|
||||
echo "=> update helm"
|
||||
helm repo update
|
||||
|
||||
echo "=> install pomerium with helm"
|
||||
helm install \
|
||||
pomerium \
|
||||
pomerium/pomerium \
|
||||
--set service.type="NodePort" \
|
||||
--set config.sharedSecret=$(head -c32 /dev/urandom | base64) \
|
||||
--set config.cookieSecret=$(head -c32 /dev/urandom | base64) \
|
||||
--set ingress.secret.name="pomerium-tls" \
|
||||
--set ingress.secret.cert=$(base64 -i "$HOME/.acme.sh/*.corp.beyondperimeter.com_ecc/fullchain.cer") \
|
||||
--set ingress.secret.key=$(base64 -i "$HOME/.acme.sh/*.corp.beyondperimeter.com_ecc/*.corp.beyondperimeter.com.key") \
|
||||
--values docs/configuration/examples/kubernetes/values.yaml
|
||||
|
||||
# When done, clean up by deleting the cluster!
|
||||
# helm del $(helm ls --all --short) --purge # deletes all your helm instances
|
||||
# gcloud container clusters delete pomerium # deletes your cluster
|
||||
Loading…
Add table
Add a link
Reference in a new issue