3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-01 10:22:43 +02:00
Code Issues Projects Releases Packages Wiki Activity

docs: add kubernetes (#33)

Browse source 
- Update PR template to use Go language conventions.
- Moved healthcheck middleware to hijack a request before logging.
- Rewrote the quickstart guides to follow a similar pattern.
- Added an overview blurb on pomerium and its goals.
- Add an "example config" section to docs.
This commit is contained in:
Bobby DeSimone 2019-01-27 22:22:14 -08:00 committed by GitHub
parent b1912128f3
commit bcecee5ee3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
43 changed files with 663 additions and 105 deletions
Download patch file Download diff file Expand all files Collapse all files

38
scripts/kubernetes_gke.sh Executable file
View file

@ -0,0 +1,38 @@
#!/bin/bash
# NOTE! This will create real resources on Google's cloud. Make sure you clean up any unused
# resources to avoid being billed. For reference, this tutorial cost me <10 cents for a couple of hours.
# create a cluster
gcloud container clusters create pomerium
# get cluster credentials os we can use kubctl locally
gcloud container clusters get-credentials pomerium
# create `pomerium` namespace
kubectl create ns pomerium
# create our cryptographically random keys
kubectl create secret generic -n pomerium shared-secret --from-literal=shared-secret=$(head -c32 /dev/urandom | base64)
kubectl create secret generic -n pomerium cookie-secret --from-literal=cookie-secret=$(head -c32 /dev/urandom | base64)
# load TLS for pomerium services
kubectl create secret generic -n pomerium certificate --from-literal=certificate=$(base64 -i cert.pem)
kubectl create secret generic -n pomerium certificate-key --from-literal=certificate-key=$(base64 -i privkey.pem)
# load TLS to ingress
kubectl create secret tls -n pomerium pomerium-tls --key privkey.pem --cert cert.pem
# !!! IMPORTANT !!!
# YOU MUST CHANGE THE Identity Provider Client Secret
# !!! IMPORTANT !!!
# kubectl create secret generic -n pomerium idp-client-secret --from-literal=REPLACE_ME
# Create the proxy & authenticate deployment
kubectl create -f docs/docs/examples/kubernetes/authenticate.deploy.yml
kubectl create -f docs/docs/examples/kubernetes/proxy.deploy.yml
# Create the proxy & authenticate services
kubectl apply -f docs/docs/examples/kubernetes/proxy.service.yml
kubectl apply -f docs/docs/examples/kubernetes/authenticate.service.yml
# Create and apply the Ingress; this is GKE specific
kubectl apply -f docs/docs/examples/kubernetes/ingress.yml
# When done, clean up by deleting the cluster!
# gcloud container clusters delete pomerium