2.7 KiB
Helm
This quickstart will show you how to deploy Pomerium with Kubernetes. Though there are countless ways to work with Kubernetes, for the purpose of this guide, we will be using Google's Kubernetes Engine. That said, most of the following steps should be very similar using any other provider with the biggest difference being in the configuration of your ingress.
Prerequisites
- A Google Cloud Account
- A configured identity provider
- Install kubectl
- Install the Google Cloud SDK
- Install helm
- A wild-card TLS certificate
Download
Retrieve the latest copy of pomerium's source-code by cloning the repository.
git clone https://github.com/pomerium/pomerium.git $HOME/pomerium
Configure
Edit the the install command in the helm_gke.sh script to match your identity provider and access policy settings.
Generate a wild-card TLS certificate. If you don't have one handy, the included script generates one from LetsEncrypt.
Run
Run ./scripts/helm_gke.sh which will:
- Provision a new cluster
- Create authenticate, authorize, and proxy deployments.
- Provision and apply authenticate, authorize, and proxy services.
- Configure an ingress, Google's default load balancer.
sh ./scripts/helm_gke.sh
You should see roughly the following in your terminal. Note, provisioning does take a few minutes.
[
](https://asciinema.org/a/223821
And if you check out Google's Kubernetes Engine dashboard you'll see something like:
Navigate
Open a browser and navigate to httpbin.corp.example.com.
You should see something like the following in your browser.
