-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v0.0.5 fixes #5
v0.0.5 fixes #5
Conversation
/cc @travisgroth two issues I'm stuck on and welcome any ideas.
|
helm template . \
--set ingress.enabled=true \
--set ingress.annotations."cloud\.google\.com/app-protocols"='\{"https":"HTTPS"\} # Source: pomerium/templates/ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: release-name-pomerium
labels:
app.kubernetes.io/name: pomerium
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Tiller
helm.sh/chart: pomerium-1.0.0
annotations:
cloud.google.com/app-protocols: '{"https":"HTTPS"}'
kubernetes.io/ingress.allow-http: "false" Funny thing here. The quotes are only needed for one of the 4 ingresses: helm template . --set ingress.enabled=true --set ingress.annotations.cloud\.google\.com/app-protocols='\{"https":"HTTPS"\}' | grep cloud
cloud.google.com/app-protocols: '{"https":"HTTPS"}'
cloud.google.com/app-protocols: '{"https":"HTTPS"}'
cloud.google.com/app-protocols: '{"https":"HTTPS"}'
cloud: Edit: Ah there's only one ingress obviously. the toYaml is messing it up without the quotes. |
|
\cc @victornoel @travisgroth if you don't mind giving this another look. This is what I'll merged (see updated tag) after v0.0.5 drops. |
@desimone if you can wait I will test this version of the chart with the latest build on Monday |
@desimone there is something strange with |
I must've introduced that while reworking the chart. I agree - I don't believe it makes sense anymore in the current state of things. An existing CM for just policy wouldn't make much sense. (1) config.existingConfig covers that and (2) config.policy is inlined to the in-chart CM. |
cb1b10c
to
95d2757
Compare
@desimone I think when you force-pushed yesterday you undid some of the change you had done: https://github.com/pomerium/pomerium-helm/compare/cb1b10c89fa9c49cfa2d0de7a6d608a587cf0ee2..95d2757b184bc0a8af3c0b597beaed890df78b3f |
@victornoel Thank you. I totally did. |
0b34fad
to
a28e159
Compare
- standardized example domain to corp.beyondperimeter.com - make GKE ingress annotations default (ick) - change idp.serviceAccount to be optional - fix ingress to support wilcard (individual routes cannot be hot-reloaded) - fix authorize_url to use internal location (this is a point of confusion) - fix the way internal certificates are generated
a28e159
to
d280c03
Compare
Fixes #3
Fixes #4 (thx @travisgroth ! desimone#1)