3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-30 19:06:33 +02:00
Code Issues Projects Releases Packages Wiki Activity
pomerium/docs/guide/kubernetes.md
Bobby DeSimone c886b924e7
authenticate: use gRPC for service endpoints (#39) 
* authenticate: set cookie secure as default.
* authenticate: remove single flight provider.
* authenticate/providers: Rename “ProviderData” to “IdentityProvider”
* authenticate/providers: Fixed an issue where scopes were not being overwritten
* proxy/authenticate : http client code removed.
* proxy: standardized session variable names between services.
* docs: change basic docker-config to be an “all-in-one” example with no nginx load.
* docs:  nginx balanced docker compose example with intra-ingress settings.
* license:  attribution for adaptation of goji’s middleware pattern.
2019-02-08 10:10:38 -08:00

3.2 KiB
Raw Blame History

Kubernetes

This quickstart will show you how to deploy Pomerium with Kubernetes. For the purpose of this guide, we will be using Google's Kubernetes Engine. However, there are countless ways to work with Kubernetes:

Most of the following steps should be very similar using any other provider.

:::tip

Google Cloud Platform has a free trial with $300 credits.

:::

Prerequisites

Download

Retrieve the latest copy of pomerium's source-code by cloning the repository.

git clone https://github.com/pomerium/pomerium.git $HOME/pomerium

Configure

Edit the the example kubernetes files to match your identity provider settings:

  • ./docs/docs/examples/authenticate.deploy.yml
  • ./docs/docs/examples/authenticate.service.yml
  • ./docs/docs/examples/proxy.deploy.yml
  • ./docs/docs/examples/proxy.service.yml
  • ./docs/docs/examples/ingress.yml

Place your domain's wild-card TLS certificate (privkey.pem and cert.pem) in the root of the repository. If you don't have one handy, the included script generates one from LetsEncrypt.

Edit ./scripts/kubernetes_gke.sh making sure to change the identity provider secret value to match your identity provider settings.

Run

Run ./scripts/kubernetes_gke.sh which will:

  1. Provision a new cluster
  2. Create authenticate and proxy deployments.
  3. Provision and apply authenticate and proxy services.
  4. Configure an ingress load balancer.
sh ./scripts/kubernetes_gke.sh

You should see roughly the following in your terminal. Note, provisioning does take a few minutes.

asciicast

And if you check out Google's Kubernetes Engine dashboard you'll see something like:

Google's Kubernetes Engine dashboard

Navigate

Open a browser and navigate to httpbin.your.domain.com.

You should see something like the following in your browser.

Getting started