authenticate: use gRPC for service endpoints (#39)

* authenticate: set cookie secure as default. * authenticate: remove single flight provider. * authenticate/providers: Rename “ProviderData” to “IdentityProvider” * authenticate/providers: Fixed an issue where scopes were not being overwritten * proxy/authenticate : http client code removed. * proxy: standardized session variable names between services. * docs: change basic docker-config to be an “all-in-one” example with no nginx load. * docs: nginx balanced docker compose example with intra-ingress settings. * license: attribution for adaptation of goji’s middleware pattern.
2025-05-17 19:17:17 +02:00 · 2019-02-08 10:10:38 -08:00 · 2019-02-08 10:10:38 -08:00 · c886b924e7
commit c886b924e7
parent 9ca3ff4fa2
54 changed files with 2184 additions and 1463 deletions
--- a/scripts/kubernetes_gke.sh
+++ b/scripts/kubernetes_gke.sh
@ -3,12 +3,33 @@
 # resources to avoid being billed. For reference, this tutorial cost me <10 cents for a couple of hours.

 # create a cluster
-gcloud container clusters create pomerium
+gcloud container clusters create pomerium --num-nodes 1
 # get cluster credentials os we can use kubctl locally
 gcloud container clusters get-credentials pomerium
 # create `pomerium` namespace
 kubectl create ns pomerium

+######################################################################
+#### UNCOMMENT to use helm to install cert-manager & nginx-ingress####
+######################################################################
+# setup service account for tiller used by helm
+# kubectl create serviceaccount --namespace kube-system tiller
+# kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
+# helm init --service-account tiller
+# # update helm
+# helm repo update
+# kubectl get deployments -n kube-system
+# # create nginx-ingress
+# helm install --name nginx-ingress stable/nginx-ingress --set rbac.create=true
+# # install cert-manager to auto grab lets encrypt certificates
+# kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.6/deploy/manifests/00-crds.yaml
+# helm repo update
+# helm install --name cert-manager --namespace cert-manager stable/cert-manager
+# configure Let’s Encrypt Issuer
+# kubectl apply -f docs/docs/examples/kubernetes/issuer.le.prod.yml
+# kubectl apply -f docs/docs/examples/kubernetes/issuer.le.stage.yml
+# kubectl get certificate
+
 # create our cryptographically random keys
 kubectl create secret generic -n pomerium shared-secret --from-literal=shared-secret=$(head -c32 /dev/urandom | base64)
 kubectl create secret generic -n pomerium cookie-secret --from-literal=cookie-secret=$(head -c32 /dev/urandom | base64)
@ -23,16 +44,19 @@ kubectl create secret tls -n pomerium pomerium-tls --key privkey.pem --cert cert
 #                       !!! IMPORTANT !!!
 #          YOU MUST CHANGE THE Identity Provider Client Secret
 #                       !!! IMPORTANT !!!
-# kubectl create secret generic -n pomerium idp-client-secret --from-literal=idp-client-secret=REPLACE_ME
+# kubectl create secret generic -n pomerium idp-client-secret --from-literal=REPLACE_ME

 # Create the proxy & authenticate deployment
-kubectl create -f docs/docs/examples/kubernetes/authenticate.deploy.yml
-kubectl create -f docs/docs/examples/kubernetes/proxy.deploy.yml
+kubectl apply -f docs/docs/examples/kubernetes/authenticate.deploy.yml
+kubectl apply -f docs/docs/examples/kubernetes/proxy.deploy.yml
 # Create the proxy & authenticate services
 kubectl apply -f docs/docs/examples/kubernetes/proxy.service.yml
 kubectl apply -f docs/docs/examples/kubernetes/authenticate.service.yml
 # Create and apply the Ingress; this is GKE specific
 kubectl apply -f docs/docs/examples/kubernetes/ingress.yml

+# Alternatively, nginx-ingress can be used
+# kubectl apply -f docs/docs/examples/kubernetes/ingress.nginx.yml
+
 # When done, clean up by deleting the cluster!
 # gcloud container clusters delete pomerium