Giters

robincher / pomerium-kubernetes-recipe

Kubernetes recipe for Pomerium Identity Aware Proxy

Home Page:https://www.pomerium.com

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

iapkubernetespomerium

Pomerium Kubernetes Recipe

PRs Welcome MIT License

Introduction

Pomerium is a Identity aware proxy that aim to provide secure access from an untrusted network to your upstream services.

This repository is a collection of recipes for deploying Pomerium into a Kubernetes cluster.

I have written a detailed post about the implementation and motivation behind this deploying Pomerium IAP

Preparation

This recipe is tested with the following

  1. AWS Elastic Kubernetes Service (EKS) 1.17
  2. Application LoadBalancer with HTTPS
  3. Nginx Ingress (Optional) for Kubernetes Cluster - You can set-up Pomerium proxy service as a node port and bind directly to the Application Load Balancer

System Context

context-diagram.png

Directory Structure

|- assets
|- workloads
|-- pomerium
|-- common
  1. Pomerium : Consists of all Pomerium related resources
  2. Common : Other resources like mock services

References

About

Kubernetes recipe for Pomerium Identity Aware Proxy

https://www.pomerium.com

iapkubernetespomerium

License:MIT License

Languages

Language:Shell 100.0%