c7c2087483
In split service mode, and during periods of inactivity, the gRPC connections to the databroker may fall idle. Some network firewalls may eventually time out an idle TCP connection and even start dropping subsequent packets once connection traffic resumes. Combined with Linux default TCP retransmission settings, this could cause a broken connection to persist for over 15 minutes. In an attempt to avoid this scenario, enable TCP keepalive for outbound gRPC connections, matching the Go standard library default settings for time & interval: 15 seconds for both. (The probe count does not appear to be set, so it will remain at the OS default.) Add a test case exercising the BuildClusters() method with the default configuration options, comparing the results with a reference "golden" file in the testdata directory. Also add an '-update' flag to make it easier to update the reference golden when needed: go test ./config/envoyconfig -update |
||
|---|---|---|
| .github | ||
| .vscode | ||
| authenticate | ||
| authorize | ||
| changelogs | ||
| cmd/pomerium | ||
| config | ||
| databroker | ||
| examples | ||
| integration | ||
| internal | ||
| k8s/zero | ||
| ospkg | ||
| pkg | ||
| proxy | ||
| scripts | ||
| ui | ||
| .codecov.yml | ||
| .dockerignore | ||
| .fossa.yml | ||
| .gitattributes | ||
| .gitignore | ||
| .golangci.yml | ||
| .pre-commit-config.yaml | ||
| .tool-versions | ||
| 3RD-PARTY | ||
| DEBUG.MD | ||
| Dockerfile | ||
| Dockerfile.debug | ||
| go.mod | ||
| go.sum | ||
| LICENSE | ||
| Makefile | ||
| pomerium.go | ||
| README.md | ||
| RELEASING.md | ||
| SECURITY.md | ||
Pomerium builds secure, clientless connections to internal web apps and services without a corporate VPN.
Pomerium is:
- Easier because you don’t have to maintain a client or software.
- Faster because it’s deployed directly where your apps and services are. No more expensive data backhauling.
- Safer because every single action is verified for trusted identity, device, and context.
It’s not a VPN alternative – it’s the trusted, foolproof way to protect your business.
Docs
For comprehensive docs, and tutorials see our documentation.
Integration Tests
To run the integration tests locally, first build a local development image:
./scripts/build-dev-docker.bash
Next go to the integration/clusters folder and pick a cluster, for example google-single, then use docker-compose to start the cluster. We use an environment variable to specify the dev docker image we built earlier:
cd integration/clusters/google-single
env POMERIUM_TAG=dev docker-compose up -V
Once that's up and running you can run the integration tests from another terminal:
go test -count=1 -v ./integration/...
If you need to make a change to the clusters themselves, there's a tpl folder that contains jsonnet files. Make a change and then rebuild the clusters by running:
go run ./integration/cmd/pomerium-integration-tests/ generate-configuration