3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-29 18:36:30 +02:00
Code Issues Projects Releases Packages Wiki Activity
Pomerium is an identity and context-aware access proxy.
3438 commits 156 branches 125 tags 103 MiB
Go 96.1%
TypeScript 2.1%
Jsonnet 1%
Shell 0.3%
Lua 0.2%
Other 0.2%
Find a file
Joe Kralicky de603f87de
Add new configurable bootstrap writers (#2405) (#5114) 
* Add new configurable bootstrap writers (#2405)

This PR adds the ability to configure different backends to use for
storing modifications to the zero bootstrap config. The two currently
implemented backends allow writing changes to a file or to a Kubernetes
secret. Backend selection is determined by the scheme in a URI passed to
the flag '--config-writeback-uri'.

In a Kubernetes environment, where the bootstrap config is mounted into
the pod from a secret, this option allows Pomerium to write changes back
to the secret, as writes to the mounted secret file on disk are not
persisted.

* Use env vars for bootstrap config filepath/writeback uri

* linter pass and code cleanup

* Add new config writer options mechanism

This moves the encryption cipher parameter out of the WriteConfig()
method in the ConfigWriter interface and into a new ConfigWriterOptions
struct. Options (e.g. cipher) can be applied to an existing ConfigWriter
to allow customizing implementation-specific behavior.

* Code cleanup/lint fixes

* Move vendored k8s code into separate package, and add license header and package comment
2024-05-31 12:26:17 -04:00
.github core/lint: upgrade golangci-lint, replace interface{} with any (#5099) 2024-05-02 14:33:52 -06:00
.vscode use tlsClientConfig instead of custom dialer (#3830) 2022-12-27 09:55:36 -07:00
authenticate core/identity: dynamic authenticator registration (#5105) 2024-05-07 16:45:39 -06:00
authorize core/lint: upgrade golangci-lint, replace interface{} with any (#5099) 2024-05-02 14:33:52 -06:00
changelogs changelog for v0.25 (#4896) 2024-01-09 16:30:24 -05:00
cmd/pomerium Add new configurable bootstrap writers (#2405) (#5114) 2024-05-31 12:26:17 -04:00
config Envoy resource monitoring & overload manager configuration (#5106) 2024-05-28 16:57:09 -04:00
databroker core/identity: dynamic authenticator registration (#5105) 2024-05-07 16:45:39 -06:00
examples core/config: remove debug option, always use json logs (#4857) 2023-12-15 11:29:05 -07:00
integration Ensure k3s runs as pid 1 in docker 2024-05-28 15:26:32 -04:00
internal Add new configurable bootstrap writers (#2405) (#5114) 2024-05-31 12:26:17 -04:00
k8s/zero zero/k8s: deployment manifests (#4763) 2024-01-08 12:08:14 -05:00
ospkg move directory providers (#3633) 2022-11-03 11:33:56 -06:00
pkg Envoy resource monitoring & overload manager configuration (#5106) 2024-05-28 16:57:09 -04:00
proxy core/lint: upgrade golangci-lint, replace interface{} with any (#5099) 2024-05-02 14:33:52 -06:00
scripts envoy: upgrade to v1.30.1 (#5080) 2024-04-22 12:05:37 -07:00
ui adds upstream error page (#5113) 2024-05-14 18:23:24 +02:00
.codecov.yml development: change codecov precision 2019-07-18 16:49:37 -07:00
.dockerignore frontend: react+mui (#3004) 2022-02-07 08:47:58 -07:00
.fossa.yml rm cli code (#2824) 2021-12-15 16:25:21 -05:00
.gitattributes assets: use embed instead of statik (#1960) 2021-03-03 18:56:55 -07:00
.gitignore core/ui: improve frontend build size (#5109) 2024-05-09 07:10:00 -06:00
.golangci.yml envoy: enable TCP keepalive for internal clusters (#4902) 2024-01-11 09:12:45 -08:00
.pre-commit-config.yaml integration: add single-cluster integration tests (#2516) 2021-08-24 15:35:05 -06:00
.tool-versions core/lint: upgrade golangci-lint, replace interface{} with any (#5099) 2024-05-02 14:33:52 -06:00
3RD-PARTY dependencies: vendor base58, remove shortuuid (#2739) 2021-11-02 09:23:15 -06:00
DEBUG.MD deplyoment: add debug build / container / docs (#1513) 2020-10-13 16:54:21 -04:00
Dockerfile chore(deps): bump the docker group with 3 updates (#5098) 2024-05-01 11:57:58 -06:00
Dockerfile.debug chore(deps): bump the docker group with 3 updates (#5098) 2024-05-01 11:57:58 -06:00
go.mod Envoy resource monitoring & overload manager configuration (#5106) 2024-05-28 16:57:09 -04:00
go.sum Envoy resource monitoring & overload manager configuration (#5106) 2024-05-28 16:57:09 -04:00
LICENSE initial release 2019-01-02 12:13:36 -08:00
Makefile core/lint: upgrade golangci-lint, replace interface{} with any (#5099) 2024-05-02 14:33:52 -06:00
pomerium.go fix go get, improve redis test (#2450) 2021-08-06 12:07:20 -06:00
README.md update README: link to Contributing page (#5072) 2024-04-15 14:03:38 -07:00
RELEASING.md deployment: update RELEASING.md (#3503) 2022-08-16 10:40:03 -07:00
SECURITY.md Update SECURITY.md (#4144) 2023-05-01 15:17:50 -04:00

README.md

pomerium logo

Go Report Card GoDoc LICENSE Docker Pulls

Pomerium builds secure, clientless connections to internal web apps and services without a corporate VPN.

Pomerium is:

  • Easier because you dont have to maintain a client or software.
  • Faster because its deployed directly where your apps and services are. No more expensive data backhauling.
  • Safer because every single action is verified for trusted identity, device, and context.

Its not a VPN alternative its the trusted, foolproof way to protect your business.

Docs

For comprehensive docs, and tutorials see our documentation.

Contributing

See Contributing for information on how you can contribute to Pomerium.