pomerium/docs/docs/quick-start/helm.md
Bobby DeSimone 1cba3d50eb
docs: fixes to v0.8.0 docs (#696)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-05-13 12:38:01 -07:00

title: Helm
lang: en-US
meta:
  name: keywords
  content: pomerium identity-access-proxy oidc kubernetes Helm reverse-proxy

Pomerium using Helm

This quick-start will show you how to deploy Pomerium with Helm on Kubernetes.

Prerequisites

Though there are many ways to work with Kubernetes, for the purpose of this guide, we will be using Google's Kubernetes Engine. That said, most of the following steps should be very similar using any other provider.

In addition to sharing many of the same features as the Kubernetes quickstart guide, the default Helm deployment script also includes a bootstrapped certificate authority. This enables mutually authenticated and encrypted communication between services that does not depend on the external Let's Encrypt certificates. Keeping the external domain certificate decoupled in this way makes it easier to renew external certificates.

Configure

Download and modify the following helm_gke.sh script and values file to match your identity provider and TLS certificate settings.

<<<@/docs/configuration/examples/helm/helm_gke.sh

<<<@/docs/configuration/examples/kubernetes/values.yaml

Run

Run ./scripts/helm_gke.sh, which will:

  1. Provision a new cluster.
  2. Create authenticate, authorize, and proxy deployments.
  3. Provision and apply authenticate, authorize, and proxy services.
  4. Configure an ingress, Google's default load balancer.

./scripts/helm_gke.sh

Navigate

Open a browser and navigate to httpbin.your.domain.example.

You can also navigate to the special pomerium endpoint httpbin.your.domain.example/.pomerium/ to see your current user details.

[Image: currently logged in user]