pomerium/docs/enterprise/reference.md
Alex Fornuto e0b90a0750 Enterprise settings docs (#2397)
* init console-specific reference docs files

* remove shortdoc for name

* init Enterprise Reference doc
2021-07-29 15:43:38 -05:00

4.1 KiB

title: Reference
lang: en-US
sidebarDepth: 2
meta:
  - name: keywords
    content: configuration options settings Pomerium enterprise console

Pomerium Enterprise Console Settings

The Pomerium Enterprise Console is initially configured using a configuration file (YAML/JSON/TOML) or environment variables. In general, environment variable keys are identical to config file keys but are uppercase.

If you are coming from a Kubernetes or Docker background, this should feel familiar. If not, check out the following primers.

Using both environment variables and config file keys is allowed and encouraged (for instance, secret keys are probably best set as environment variables). However, if duplicate configuration keys are found, environment variables take precedence.

Additional configuration and the setting of routes and policies are performed through the web user interface (UI).

Configuration Settings

These configuration values are set in the config.yaml file for Pomerium Enterprise Console. Once the console is accessible, configuration is adjusted through the web UI.

User Impersonation

@travis fill me with delicious data!

Reports

Traffic

Runtime

Sessions

Events

Deployments

Manage

Routes

Policies

A Policy defines what permissions a set of users or groups has. Policies are applied to Namespaces or Routes to associate the set of permissions with a service or set of services, completing the authentication model.

::: tip
This is a separate concept from policies in the non-enterprise model. In open-source Pomerium, the policy block defines both routes and access.
:::

Policies can be constructed in three ways:

Web UI

From the BUILDER tab, users can add allow or deny blocks to a policy, containing and/or/not/nor logic to allow or deny sets of users and groups.

A policy being constructed in Pomerium Enterprise console allowing a single user access

Pomerium Policy Language

From the EDITOR tab, users can write policies in Pomerium Policy Language, a YAML-based notation.

A policy as viewed from the editor tab
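
As an added illustration (not taken from the original page or from the console screenshots), a policy of the kind the BUILDER and EDITOR tabs describe could be written in Pomerium Policy Language as follows. The domain, group name, and e-mail address are constructed placeholders, and how group values are matched in a given deployment is an assumption.

```yaml
# Constructed example policy in Pomerium Policy Language (PPL).
# example.com, the "sre" group and the e-mail address are placeholders.

# Grant access only when every criterion under `and` matches:
# the user must belong to the company domain AND to the "sre" group.
allow:
  and:
    - domain:
        is: example.com
    - groups:
        has: sre

# Refuse access when any criterion under `or` matches.
# A matching deny rule wins over a matching allow rule, so this
# account stays blocked even though it satisfies the allow block.
deny:
  or:
    - email:
        is: contractor@example.com
```

Combining both criteria under `and` keeps the grant narrow, and keeping exceptions in a `deny` block makes them visible in review instead of hiding them inside the allow logic.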

Rego

For those using OPA, the REGO tab will accept policies written in Rego.

Certificates

Configure

Settings

Global

Cookies

Timeouts

GRPC

Tracing

Authenticate

Authorize

Proxy

Service Accounts

Namespaces

A Namespace is a collection of users, groups, routes, and policies that allows system administrators to organize, manage, and delegate permissions across their infrastructure.

  • Policies can be optional or enforced on a Namespace, and they can be nested to create inheritance.
  • Users or groups can be granted permission to edit access to routes within a Namespace, allowing them self-serve access to the routes critical to their work.