3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-09 23:27:43 +02:00
Code Issues Projects Releases Packages Wiki Activity

v0.6.0

Browse source 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
This commit is contained in:
Bobby DeSimone 2020-01-24 16:09:47 -08:00 committed by GitHub
parent 8956bf4411
commit dd54ce4481
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
56 changed files with 272 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

3
docs/configuration/examples/kubernetes/kubernetes-config.yaml
View file

@ -1,9 +1,10 @@
# Main configuration flags : https://www.pomerium.io/docs/reference/reference/
address: ":80"
insecure_server: true
grpc_insecure: true
authenticate_service_url: https://authenticate.corp.beyondperimeter.com
authorize_service_url: https://pomerium-authorize-service.default.svc.cluster.local
cache_service_url: https://pomerium-cache-service.default.svc.cluster.local
override_certificate_name: "*.corp.beyondperimeter.com"

5
docs/configuration/examples/kubernetes/kubernetes_gke.sh
View file

@ -5,10 +5,10 @@
# NOTE! You must change the identity provider client secret setting in your config file!
echo "=> creating cluster"
gcloud container clusters create pomerium --num-nodes 2
gcloud container clusters create pomerium --num-nodes 3 --region us-west2
echo "=> get cluster credentials so we can use kubctl locally"
gcloud container clusters get-credentials pomerium
gcloud container clusters get-credentials pomerium --region us-west2
echo "=> create config from kubernetes-config.yaml which we will mount"
kubectl create configmap config --from-file="config.yaml"="kubernetes-config.yaml"
@ -32,6 +32,7 @@ echo "=> deploy pomerium proxy, authorize, and authenticate"
kubectl apply -f pomerium-proxy.yml
kubectl apply -f pomerium-authenticate.yml
kubectl apply -f pomerium-authorize.yml
kubectl apply -f pomerium-cache.yml
echo "=> deploy our test app, httpbin"
kubectl apply -f httpbin.yml

14
docs/configuration/examples/kubernetes/pomerium-authenticate.yml
View file

@ -4,8 +4,8 @@ metadata:
name: pomerium-authenticate-service
spec:
ports:
- port: 80
name: http
- port: 443
name: https
selector:
app: pomerium-authenticate
type: NodePort
@ -27,13 +27,13 @@ spec:
app: pomerium-authenticate
spec:
containers:
- image: pomerium/pomerium:v0.5.0
- image: pomerium/pomerium:master
name: pomerium-authenticate
args:
- --config=/etc/pomerium/config.yaml
ports:
- containerPort: 80
name: http
- containerPort: 443
name: https
protocol: TCP
env:
- name: SERVICES
@ -51,12 +51,12 @@ spec:
readinessProbe:
httpGet:
path: /ping
port: 80
port: 443
scheme: HTTP
livenessProbe:
httpGet:
path: /ping
port: 80
port: 443
scheme: HTTP
initialDelaySeconds: 5
timeoutSeconds: 1

10
docs/configuration/examples/kubernetes/pomerium-authorize.yml
View file

@ -4,7 +4,7 @@ metadata:
name: pomerium-authorize-service
spec:
ports:
- port: 80
- port: 443
name: grpc
selector:
app: pomerium-authorize
@ -27,12 +27,12 @@ spec:
app: pomerium-authorize
spec:
containers:
- image: pomerium/pomerium:v0.5.0
- image: pomerium/pomerium:master
name: pomerium-authorize
args:
- --config=/etc/pomerium/config.yaml
ports:
- containerPort: 80
- containerPort: 443
name: grpc
protocol: TCP
env:
@ -45,12 +45,12 @@ spec:
key: shared-secret
readinessProbe:
tcpSocket:
port: 80
port: 443
initialDelaySeconds: 5
periodSeconds: 10
livenessProbe:
tcpSocket:
port: 80
port: 443
initialDelaySeconds: 15
periodSeconds: 20

64
docs/configuration/examples/kubernetes/pomerium-cache.yml Normal file
View file

@ -0,0 +1,64 @@
apiVersion: v1
kind: Service
metadata:
name: pomerium-cache-service
spec:
clusterIP: None # cache is a headless service!
ports:
- port: 443
name: grpc
selector:
app: pomerium-cache
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: pomerium-cache
labels:
app: pomerium-cache
spec:
replicas: 1
selector:
matchLabels:
app: pomerium-cache
template:
metadata:
labels:
app: pomerium-cache
spec:
containers:
- image: pomerium/pomerium:master
name: pomerium-cache
args:
- --config=/etc/pomerium/config.yaml
ports:
- containerPort: 443
name: grpc
protocol: TCP
env:
- name: SERVICES
value: cache
- name: SHARED_SECRET
valueFrom:
secretKeyRef:
name: shared-secret
key: shared-secret
readinessProbe:
tcpSocket:
port: 443
initialDelaySeconds: 5
periodSeconds: 10
livenessProbe:
tcpSocket:
port: 443
initialDelaySeconds: 15
periodSeconds: 20
volumeMounts:
- mountPath: /etc/pomerium/
name: config
volumes:
- name: config
configMap:
name: config

16
docs/configuration/examples/kubernetes/pomerium-proxy.yml
View file

@ -4,10 +4,10 @@ metadata:
name: pomerium-proxy-service
spec:
ports:
- port: 80
- port: 443
protocol: TCP
name: http
targetPort: http
name: https
targetPort: https
selector:
app: pomerium-proxy
type: NodePort
@ -29,13 +29,13 @@ spec:
app: pomerium-proxy
spec:
containers:
- image: pomerium/pomerium:v0.5.0
- image: pomerium/pomerium:master
name: pomerium-proxy
args:
- --config=/etc/pomerium/config.yaml
ports:
- containerPort: 80
name: http
- containerPort: 443
name: https
protocol: TCP
env:
- name: SERVICES
@ -53,12 +53,12 @@ spec:
readinessProbe:
httpGet:
path: /ping
port: 80
port: 443
scheme: HTTP
livenessProbe:
httpGet:
path: /ping
port: 80
port: 443
scheme: HTTP
initialDelaySeconds: 10
timeoutSeconds: 1