New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
zero: managed mode controller #4459
Conversation
…ro-retry-bootstrap-reconciler
…ro-retry-bootstrap-reconciler
…otstrap-reconciler
…ro-retry-bootstrap-reconciler
@@ -0,0 +1,11 @@ | |||
//go:build release |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
note: I am not a fan of using build flags in this way. As much as possible I prefer to have the same binary running locally that's run in production.
This is my personal preference and there is nothing that needs to be changed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm also not a big fan of build tags.
I wanted to make sure the release binary won't be customizable using those dev env variables; what do you feel might be a cleaner way of dealing with that?
Summary
This is a main managed mode controller for Zero.
If a variable
POMERIUM_ZERO_TOKEN
is set, Pomerium would enter managed mode.In development, it additionally accepts
CONNECT_SERVER_ENDPOINT
CLUSTER_API_ENDPOINT
(should be full cluster API URL - i.e. have/cluster/v1
suffix)The control loop is simple:
Related issues
User Explanation
Checklist
improvement
/bug
/ etc)