3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-04 04:46:01 +02:00
Code Issues Projects Releases Packages Wiki Activity
3487 commits 159 branches 125 tags 104 MiB
Commit graph

49 commits

Author SHA1 Message Date
Denis Mishin
09f1585b01
zero/cmd: make it more evident what caused shutdown (#5209) 2024-08-06 15:10:58 -04:00
Kenneth Jenkins
42a975ce44
zero: set fixed start time for active users test (#5154) 2024-06-26 17:29:36 -07:00
Denis Mishin
a7dd30ad29
zero/telemetry: add hostname and version (#5146) 2024-06-24 21:33:37 -04:00
Denis Mishin
8d206e0087
zero/telemetry: collect limited core metrics (#5142) 2024-06-18 19:15:11 -04:00
Denis Mishin
c1dec06afa
zero/telemetry: internal envoy stats scraper and metrics producer (#5136) 2024-06-16 20:41:05 -04:00
Denis Mishin
114f730dba
zero: refactor telemetry and controller (#5135) 
* zero: refactor controller

* refactor zero telemetry and controller

* wire with connect handler

* cr
 2024-06-12 21:59:25 -04:00
Denis Mishin
cc636be707
zero: refactor controller (#5134) 2024-06-12 16:31:42 -04:00
Denis Mishin
e12532ba52
zero/connect: add telemetry request command (#5131) 
* zero/connect: add telemetry request command

* rm relabeling
 2024-06-10 22:54:02 -04:00
Joe Kralicky
de603f87de
Add new configurable bootstrap writers (#2405) (#5114) 
* Add new configurable bootstrap writers (#2405)

This PR adds the ability to configure different backends to use for
storing modifications to the zero bootstrap config. The two currently
implemented backends allow writing changes to a file or to a Kubernetes
secret. Backend selection is determined by the scheme in a URI passed to
the flag '--config-writeback-uri'.

In a Kubernetes environment, where the bootstrap config is mounted into
the pod from a secret, this option allows Pomerium to write changes back
to the secret, as writes to the mounted secret file on disk are not
persisted.

* Use env vars for bootstrap config filepath/writeback uri

* linter pass and code cleanup

* Add new config writer options mechanism

This moves the encryption cipher parameter out of the WriteConfig()
method in the ConfigWriter interface and into a new ConfigWriterOptions
struct. Options (e.g. cipher) can be applied to an existing ConfigWriter
to allow customizing implementation-specific behavior.

* Code cleanup/lint fixes

* Move vendored k8s code into separate package, and add license header and package comment
 2024-05-31 12:26:17 -04:00
Denis Mishin
8269a723ec
health-checks: zero route availability improvements (#5111) 2024-05-17 16:47:27 -04:00
Caleb Doxsey
1a5b8b606f
core/lint: upgrade golangci-lint, replace interface{} with any (#5099) 
* core/lint: upgrade golangci-lint, replace interface{} with any

* regen proto
 2024-05-02 14:33:52 -06:00
Denis Mishin
614048ae9c
health-checks: add route reachability (#5093) 
* health-checks: add route reachability

* rm tls check bypass
 2024-05-02 13:31:48 -04:00
Denis Mishin
df67fb7086
connect: add health check (#5086) 2024-04-26 11:56:36 -04:00
Denis Mishin
2da4801d3a
zero: add user-agent to requests (#5078) 2024-04-19 11:33:43 -04:00
Denis Mishin
deb6f67094
healthcheck: only report transitions (#5068) 2024-04-16 13:15:18 -04:00
Caleb Doxsey
ed378af744
core/zero: lower log level (#5065) 2024-04-11 15:31:25 -06:00
Denis Mishin
dc7820ea3e
zero/healthchecks: add checks for ability to save bootstrap parameter and bundle status reporting (#5064) 2024-04-11 10:47:52 -04:00
Denis Mishin
991fca496c
healthcheck: add common package, zero reporter and first xds check (#5059) 2024-04-10 15:21:39 -04:00
Caleb Doxsey
4ac06d3bbd
core/logging: less verbose logs (#5040) 2024-03-29 15:26:20 -06:00
Denis Mishin
d20e99ca8c
zero: fix bootstrap config path (#5035) 2024-03-21 20:39:52 -04:00
Denis Mishin
4193583301
zero: add service accounts support (#5031) 
* zero: add service accounts support

* quit on terminal errors
 2024-03-20 17:03:03 -04:00
Caleb Doxsey
67d1362a90
core/zero: fix ticker usage (#4969) 2024-03-06 14:28:21 -07:00
Denis Mishin
d405a53b90
zero: simplify control loop lease retry code (#4979) 
zero: simplify lease control loop
 2024-03-01 11:36:08 -05:00
Denis Mishin
2db2bd09a1
connect: add gRPC keep-alive (#4961) 2024-02-13 18:26:14 -05:00
Denis Mishin
7edd538be7
zero/bootstrap: reset back to inmem databroker if connection string is empty (#4955) 2024-02-05 20:15:33 -05:00
Denis Mishin
3ca2f2462d
zero/reconciler: remove unused changeset code (#4915) 2024-01-24 19:21:34 -05:00
Denis Mishin
07d608792f
zero: group funcs that need run within a lease (#4862) 2023-12-21 11:41:41 -05:00
Denis Mishin
faa2a8652b
zero/telemetry: add reporter (#4855) 2023-12-20 14:53:06 -05:00
Caleb Doxsey
d6221c07ce
core/config: remove debug option, always use json logs (#4857) 
* core/config: remove debug option, always use json logs

* go mod tidy
 2023-12-15 11:29:05 -07:00
Caleb Doxsey
ddc9d957ba
core/ci: fix linting issues (#4856) 2023-12-14 10:47:13 -07:00
Caleb Doxsey
a2fd95aae6
core/ci: update linting (#4844) 
* core/ci: update linting

* re-add exportloopref

* re-add gocheckcompilerdirectives

* re-add stylecheck

* re-add usestdlibvars

* upgrade lint

---------

Co-authored-by: Denis Mishin <dmishin@pomerium.com>
 2023-12-14 09:07:54 -08:00
Denis Mishin
b66634d1e6
zero: only leave public packages in pkg/zero (#4854) 2023-12-12 14:24:37 -05:00
Denis Mishin
ea64902a73
zero: merge pomerium/zero-sdk (#4848) 2023-12-11 17:31:39 -05:00
Denis Mishin
c4dd965f2d
zero/telemetry: calculate DAU and MAU (#4810) 2023-12-11 13:37:01 -05:00
Denis Mishin
8a2cf3faf2
zero: add more verbose logging about background control loops (#4815) 2023-12-05 11:22:01 -05:00
Denis Mishin
d2b2ad3250
zero: use production urls by default (#4814) 2023-12-04 20:01:46 -05:00
Denis Mishin
d610b9c25c
zero/core: set drwx------ for cache dir (#4764) 2023-11-27 10:36:25 -05:00
Denis Mishin
7e2532f644
zero/bundle-reconciler: better code reuse (#4758) 2023-11-21 14:32:52 -05:00
Kenneth Jenkins
14b13bb791
zero: use os.UserCacheDir for boostrap config path (#4744) 2023-11-17 14:44:32 -08:00
Caleb Doxsey
6810091d38
core/zero: add support for managed mode from config file (#4756) 2023-11-17 09:04:59 -07:00
Kenneth Jenkins
59bd8b3dfa
zero/reconciler: fix restart behavior (#4753) 
Currently the RunWithRestart() loop may not exit when execFn returns an
error unrelated to its context cancellation. Add an additional check for
this case.
 2023-11-15 14:03:22 -08:00
Caleb Doxsey
3c2dc5e0a2 core/zero: fix urls (#4743) 2023-11-15 09:21:56 -08:00
Denis Mishin
86e4ad65d1 zero: derive signing key first thing (#4631) 2023-11-15 09:21:56 -08:00
Denis Mishin
0e1061d813 zero: restart config reconciliation when databroker storage is changed (#4623) 2023-11-15 09:21:56 -08:00
Denis Mishin
60ab9dafbe zero: report resource bundle reconciliation status (#4618) 
* zero: report resource bundle reconciliation status

* use latest zero-sdk
 2023-11-15 09:21:56 -08:00
Denis Mishin
e64e682853 zero: rm extra call on start (#4474) 2023-11-15 09:21:56 -08:00
Denis Mishin
e0236d3737 zero: managed mode controller (#4459) 2023-11-15 09:21:56 -08:00
Denis Mishin
ea8762d706 zero: resource bundle reconciler (#4445) 2023-11-15 09:21:56 -08:00
Denis Mishin
c0b1309e90 zero: bootstrap config (#4444) 2023-11-15 09:21:56 -08:00