v0.4.0

deployment: prepare v0.4.0 (#350 Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2025-08-01 16:01:26 +02:00 · 2019-10-07 19:53:57 -07:00 · 2019-10-07 19:53:57 -07:00 · 28eae36ce1
commit 28eae36ce1
parent bca5caf77a
24 changed files with 222 additions and 167 deletions
--- a/docs/docs/quick-start/helm.md
+++ b/docs/docs/quick-start/helm.md
@ -8,7 +8,7 @@ meta:

 # Pomerium using Helm

-This quickstart will show you how to deploy Pomerium with Kubernetes.
+This quick-start will show you how to deploy Pomerium with [Helm](https://helm.sh) on [Kubernetes](https://kubernetes.io).

 ## Prerequisites

--- a/docs/docs/quick-start/img/synology-reverse-proxy.png
+++ b/docs/docs/quick-start/img/synology-reverse-proxy.png
--- a/docs/docs/quick-start/kubernetes.md
+++ b/docs/docs/quick-start/kubernetes.md
@ -8,7 +8,7 @@ meta:

 # Pomerium using Kubernetes

-This quickstart will cover how to deploy Pomerium with Kubernetes. Though there are [many ways](https://kubernetes.io/docs/setup/pick-right-solution/) to work with Kubernetes, for the purpose of this guide, we will use Google's [Kubernetes Engine](https://cloud.google.com/kubernetes-engine/). That said, most of the following steps should be very similar using any other provider.
+This quickstart will cover how to deploy Pomerium with Kubernetes. 

 ## Prerequisites

--- a/docs/docs/quick-start/synology.md
+++ b/docs/docs/quick-start/synology.md
@ -26,7 +26,7 @@ Pomerium is lightweight, can easily handle hundreds of concurrent requests, and
 - A configured Google OAuth2 [identity provider]
 - A [wild-card TLS certificate][certificate documentation]

-Though any supported identity provider would work, this guide uses google.
+Though any supported [identity provider] would work, this guide uses google.

 ## Port forwarding

@ -54,7 +54,7 @@ Set the following **Reverse Proxy Rules**.
 | Destination Port     | 8443        |
 | HTTP/2               | Enabled     |
 | HSTS                 | Enabled     |
-| Destination Protocol | HTTPS       |
+| Destination Protocol | HTTP        |
 | Destination Hostname | localhost   |
 | Destination Port     | 32443       |

@ -170,20 +170,15 @@ These are the minimum set of configuration settings to get Pomerium running in t

 Go to **Environment** tab.

-| Field                     | Value                                                                                    |
-| ------------------------- | ---------------------------------------------------------------------------------------- |
-| POLICY                    | output of `base64 -i policy.yaml`                                                        |
-| CERTIFICATE               | output of `base64 -i "$HOME/.acme.sh/*.int.nas.example.io_ecc/fullchain.cer"`            |
-| CERTIFICATE_KEY           | output of `base64 -i "$HOME/.acme.sh/*.int.nas.example.io_ecc/*.int.nas.example.io.key"` |
-| CERTIFICATE_AUTHORITY     | output of `base64 -i "$HOME/.acme.sh/*.int.nas.example.io_ecc/ca.cer"`                   |
-| OVERRIDE_CERTIFICATE_NAME | `*.int.nas.example`                                                                      |
-| IDP_CLIENT_SECRET         | Values from setting up your [identity provider]                                          |
-| IDP_CLIENT_ID             | Values from setting up your [identity provider]                                          |
-| IDP_PROVIDER              | Values from setting up your [identity provider] (e.g. `google`)                          |
-| COOKIE_SECRET             | output of `head -c32 /dev/urandom | base64`                                              |
-| SHARED_SECRET             | output of `head -c32 /dev/urandom | base64`                                              |
-| AUTHORIZE_SERVICE_URL     | `https://localhost`                                                                      |
-| AUTHENTICATE_SERVICE_URL  | `https://authenticate.int.nas.example`                                                   |
+| Field                    | Value                                                           |
+| ------------------------ | --------------------------------------------------------------- |
+| POLICY                   | output of `base64 -i policy.yaml`                               |
+| INSECURE_SERVER          | `TRUE`, internal routing within docker will not be encrypted.   |
+| IDP_CLIENT_SECRET        | Values from setting up your [identity provider]                 |
+| IDP_CLIENT_ID            | Values from setting up your [identity provider]                 |
+| IDP_PROVIDER             | Values from setting up your [identity provider] (e.g. `google`) |
+| COOKIE_SECRET            | output of `head -c32 /dev/urandom | base64`                     |
+| AUTHENTICATE_SERVICE_URL | `https://authenticate.int.nas.example`                          |

 For a detailed explanation, and additional options, please refer to the [configuration variable docs]. Also note, though not covered in this guide, settings can be made via a mounted configuration file.