3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-08-06 10:21:05 +02:00
Code Issues Projects Releases Packages Wiki Activity

Update Helm Instructions (#2467)

Browse source 
* update Helm instructions

* Update docs/enterprise/upgrading.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
This commit is contained in:
Alex Fornuto 2021-08-20 15:25:08 -05:00 committed by GitHub
parent 8bdf296929
commit 7618ca5e3d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 24 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

19
docs/enterprise/install/helm.md
View file

@ -76,7 +76,22 @@ This setup assumes an existing certificate solution using cert-manager, as descr
pass_identity_headers: true pass_identity_headers: true
``` ```
1. If you haven't already, set a static `signing_key` value to be shared with the Enterprise Console. See [Reference: Signing Key](/reference/readme.md#signing-key) for information on generating a key. 1. If you haven't already, set `generateSigningKey` as false, and set a static `signingKey` value to be shared with the Enterprise Console. See [Reference: Signing Key](/reference/readme.md#signing-key) for information on generating a key:
```yaml
config:
...
generateSigningKey: false
signingKey: "LR0tMS1BRUdHTiBFQ...."
...
```
If `signingKey` wasn't already set, delete the generated `pomerium-signing-key` secret and restart the `pomerium-authorize` deployment:
```bash
kubectl delete secret pomerium-signing-key
kubectl rollout restart deployment pomerium-authorize
```
1. Use Helm to update your Pomerium installation: 1. Use Helm to update your Pomerium installation:
@ -100,7 +115,7 @@ This setup assumes an existing certificate solution using cert-manager, as descr
sharedSecret: #Shared with Pomerium sharedSecret: #Shared with Pomerium
databaseEncryptionKey: #Generate from "head -c32 /dev/urandom | base64" databaseEncryptionKey: #Generate from "head -c32 /dev/urandom | base64"
administrators: "youruser@yourcompany.com" #This is a hard-coded access, remove once setup is complete administrators: "youruser@yourcompany.com" #This is a hard-coded access, remove once setup is complete
signing_key: "ZZZZZZZ" #This base64-encoded key is shared with open-source Pomerium signingKey: "ZZZZZZZ" #This base64-encoded key is shared with open-source Pomerium
audience: console.localhost.pomerium.com # This should match the "from" value in your Pomerium route, excluding protocol. audience: console.localhost.pomerium.com # This should match the "from" value in your Pomerium route, excluding protocol.
tls: tls:
existingCASecret: pomerium-tls existingCASecret: pomerium-tls

7
docs/enterprise/upgrading.md
View file

@ -19,6 +19,13 @@ When new version of Pomerium Enterprise are released, check back to this page be
[signing key]: /reference/readme.md/#signing-key [signing key]: /reference/readme.md/#signing-key
### Helm Installations
- As of v0.15.0, All Helm charts have been consolidated to a single repository. Remove the `pomerium-enterprise` repo and upgrade from `pomerium`:
```bash
helm repo remove pomerium-enterprise
helm upgrade --install pomerium-console pomerium/pomerium-console --values=./pomerium-console-values.yaml
```
- As noted above, `signing-key` must be shared between Pomerium and Enterprise. See the [Update Pomerium](/enterprise/install/helm.md#update-pomerium) section of [Install Pomerium Enterprise in Helm](/enterprise/install/helm.md) for more information.