3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-01 11:26:29 +02:00
Code Issues Projects Releases Packages Wiki Activity
pomerium/scripts/helm_gke.sh

52 lines
2.5 KiB
Bash
Executable file
Raw Blame History

#!/bin/bash
# PRE-REQ: Install Helm : You should verify the content of this script before running.
# curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get | bash
# NOTE! This will create real resources on Google's cloud. Make sure you clean up any unused
# resources to avoid being billed. For reference, this tutorial cost me <10 cents for a couple of hours.
# NOTE! You must change the identity provider client secret setting, and service account setting!
# NOTE! If you are using gsuite, you should also set `authenticate.idp.serviceAccount`, see docs !
echo "=> [GCE] creating cluster"
gcloud container clusters create pomerium
echo "=> [GCE] get cluster credentials so we can use kubctl locally"
gcloud container clusters get-credentials pomerium
echo "=> [GCE] ensure your user account has the cluster-admin role in your cluster"
kubectl create \
clusterrolebinding \
user-admin-binding \
--clusterrole=cluster-admin \
--user=$(gcloud config get-value account)
echo "=> Create a service account that Tiller, the server side of Helm, can use for deploying your charts."
kubectl create serviceaccount tiller --namespace kube-system
echo "=> Grant the Tiller service account the cluster-admin role in your cluster"
kubectl create clusterrolebinding tiller-admin-binding --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
echo "=> initialize Helm to install Tiller in your cluster"
helm init --service-account=tiller
helm repo update
echo "=> wait a minute for tiller to get setup"
sleep 60
echo "=> install pomerium with helm"
echo " replace configuration settings to meet your specific needs and identity provider settings"
helm install ./helm/ \
--set service.type="NodePort" \
--set ingress.secret.name="pomerium-tls" \
--set ingress.secret.cert=$(base64 -i "$HOME/.acme.sh/*.corp.pomerium.io_ecc/*.corp.pomerium.io.cer") \
--set ingress.secret.key=$(base64 -i "$HOME/.acme.sh/*.corp.pomerium.io_ecc/*.corp.pomerium.io.key") \
--set config.policy="$(cat policy.example.yaml | base64)" \
--set authenticate.idp.provider="google" \
--set authenticate.idp.clientID="REPLACE_ME" \
--set authenticate.idp.clientSecret="REPLACE_ME" \
--set-string ingress.annotations."kubernetes\.io/ingress\.allow-http"=false \
--set ingress.annotations."cloud\.google\.com/app-protocols"=\"{\"https\":\"HTTPS\"}\"
# When done, clean up by deleting the cluster!
# helm del $(helm ls --all --short) --purge # deletes all your helm instances
# gcloud container clusters delete pomerium # deletes your cluster
Reference in a new issue View git blame Copy permalink