3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-07-18 09:08:16 +02:00
Code Issues Projects Releases Packages Wiki Activity
pomerium/scripts/helm_gke.sh
Bobby DeSimone 45e6a8dc57
docs: update changelog, documentaiton, and helm configurations. (#63) 
- Update changelog.
- Update docs to cover authorization support.
- Updates helm to support authorization, and policy file.
2019-03-19 10:55:41 -07:00

47 lines
2 KiB
Bash
Executable file
Raw Blame History

#!/bin/bash
# PRE-REQ:
# 1) Install Helm : You should verify the content of this script before running.
# curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get | bash
echo "=> [GCE] creating cluster"
gcloud container clusters create pomerium
echo "=> [GCE] get cluster credentials so we can use kubctl locally"
gcloud container clusters get-credentials pomerium
echo "=> [GCE] ensure your user account has the cluster-admin role in your cluster"
kubectl create \
clusterrolebinding \
user-admin-binding \
--clusterrole=cluster-admin \
--user=$(gcloud config get-value account)
echo "=> Create a service account that Tiller, the server side of Helm, can use for deploying your charts."
kubectl create serviceaccount tiller --namespace kube-system
echo "=> Grant the Tiller service account the cluster-admin role in your cluster"
kubectl create clusterrolebinding tiller-admin-binding --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
echo "=> initialize Helm to install Tiller in your cluster"
helm init --service-account=tiller
helm repo update
echo "=> install pomerium with helm substituting configuration values as required; be sure to change these"
helm install helm/. \
--set config.sharedSecret=$(head -c32 /dev/urandom | base64) \
--set config.cookieSecret=$(head -c32 /dev/urandom | base64) \
--set config.cert=$(base64 -i cert.pem) \
--set config.key=$(base64 -i privkey.pem) \
--set config.policy=$(cat policy.example.yaml) \
--set authentiate.idp.provider="google" \
--set authentiate.proxyRootDomains="pomerium.io" \
--set authentiate.redirectUrl="https://auth.corp.pomerium.io/oauth2/callback" \
--set authentiate.idp.clientID="REPLACE_ME" \
--set authentiate.idp.clientSecret="REPLACE_ME" \
--set proxy.authenticateServiceUrl="https://auth.corp.pomerium.io" \
--set proxy.authorizeServiceUrl="https://access.corp.pomerium.io"
# When done, clean up by deleting the cluster!
#
# helm del $(helm ls --all --short) --purge #!!! DELETES ALL YOUR HELM INSTANCES!
# gcloud container clusters delete pomerium
Reference in a new issue View git blame Copy permalink