3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-02 20:06:03 +02:00
Code Issues Projects Releases Packages Wiki Activity
pomerium/docs/guide/helm.md
Bobby DeSimone e9faefea16
docs: update docs for v0.0.5
2019-06-04 15:21:25 -07:00

51 lines
2.4 KiB
Markdown
Raw Blame History

---
title: Helm
lang: en-US
meta:
- name: keywords
content: pomerium identity-access-proxy oidc kubernetes Helm reverse-proxy
---
# Pomerium using Helm
This quickstart will show you how to deploy Pomerium with Kubernetes. Though there are [many ways](https://kubernetes.io/docs/setup/pick-right-solution/) to work with Kubernetes, for the purpose of this guide, we will be using Google's [Kubernetes Engine](https://cloud.google.com/kubernetes-engine/). That said, most of the following steps should be very similar using any other provider.
In addition to sharing many of the same features as the Kubernetes quickstart guide, the default helm deployment script also includes a bootstrapped certificate authority enabling mutually authenticated and encrypted communication between services that does not depend on the external LetsEncrypt certificates. Having the external domain certificate de-coupled makes it easier to renew external certificates.
## Prerequisites
- A [Google Cloud Account](https://console.cloud.google.com/)
- A configured [identity provider]
- Install [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/)
- Install the [Google Cloud SDK](https://cloud.google.com/kubernetes-engine/docs/quickstart)
- Install [helm](https://helm.sh/docs/using_helm/)
- A [wild-card TLS certificate]
## Configure
Download and modify the [helm_gke.sh script][./scripts/helm_gke.sh] to match your [identity provider] and [wild-card tls certificate] settings.
## Run
Run [./scripts/helm_gke.sh] which will:
1. Provision a new cluster.
2. Create authenticate, authorize, and proxy [deployments](https://cloud.google.com/kubernetes-engine/docs/concepts/deployment).
3. Provision and apply authenticate, authorize, and proxy [services](https://cloud.google.com/kubernetes-engine/docs/concepts/service).
4. Configure an ingress, Google's default load balancer.
```bash
./scripts/helm_gke.sh
```
## Navigate
Open a browser and navigate to `httpbin.your.domain.example`.
[./scripts/helm_gke.sh]: ../docs/examples.html#helm
[./scripts/kubernetes_gke.sh]: ../docs/examples.html#google-kubernetes-engine
[example kubernetes files]: ../docs/examples.html#google-kubernetes-engine
[identity provider]: ../docs/identity-providers.md
[letsencrypt]: https://letsencrypt.org/
[script]: https://github.com/pomerium/pomerium/blob/master/scripts/generate_wildcard_cert.sh
[wild-card tls certificate]: ../docs/certificates.md
Reference in a new issue View git blame Copy permalink