Updates for Pomerium v0.17.0 (pomerium#276)
travisgroth authored Mar 21, 2022
1 parent 09d9e14 commit 7dacaab
Showing 6 changed files with 28 additions and 9 deletions.
4 changes: 2 additions & 2 deletions charts/pomerium/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v2
name: pomerium
version: 30.1.2
appVersion: 0.16.4
version: 31.0.0
appVersion: 0.17.0
home: http://www.pomerium.com/
icon: https://www.pomerium.com/img/icon.svg
description: Pomerium is an identity-aware access proxy.
14 changes: 14 additions & 0 deletions charts/pomerium/README.md
Expand Up @@ -20,6 +20,7 @@
- [Redis Subchart](#redis-subchart)
- [Configuration](#configuration)
- [Changelog](#changelog)
- [31.0.0](#3100)
- [30.0.0](#3000)
- [29.0.0](#2900)
- [28.0.0](#2800)
Expand Down Expand Up @@ -59,6 +60,7 @@
- [3.0.0](#300)
- [2.0.0](#200)
- [Upgrading](#upgrading)
- [31.0.0](#3100-1)
- [30.0.0](#3000-1)
- [29.0.0](#2900-1)
- [28.0.0](#2800-1)
Expand Down Expand Up @@ -435,6 +437,12 @@ A full listing of Pomerium's configuration variables can be found on the [config
| `ingressController.replicaCount` | Number of ingressController pods to run | `1` |
| `ingressController.image.repository` | Pomerium ingressController image | `pomerium/ingress-controller` |
| `ingressController.image.tag` | Pomerium ingressController image tag | `v0.15.0` |
| `ingressController.ingressClassResource.enabled` | Create a IngressClass resource for the Ingress Controller | `true` |
| `ingressController.ingressClassResource.default` | Set the IngressClass resource as default | `false` |
| `ingressController.ingressClassResource.name` | Name of the IngressClass resource | `pomerium` |
| `ingressController.ingressClassResource.controllerName` | IngressClass controller name | `pomerium.io/ingress-controller` |
| `ingressController.ingressClassResource.parameters` | Additional parameters for the IngressClass | `{}` |
| `ingressController.ingressClassResource.defaultCertSecret` | Specify a default TLS certificate for Ingress resources that do not specify their own. Format: [namespace]/[name] | |
| `ingressController.config.ingressClass` | `kubernetes.io/ingress.class` for the ingressController to monitor | `pomerium.io/ingress-controller` |
| `ingressController.config.namespaces` | List of namespaces to monitor for `Ingress` resources. Defaults to all. | `[]` |
| `ingressController.config.operatorMode` | Run Ingress Controller as a replacement for the Pomerium Operator. This implies using Forward-Auth and a third party Proxy. |
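Review bot: The `ingressController.image.tag` row in this table still lists `v0.15.0` as the default, while values.yaml in this commit sets the tag to `v0.17.0`; update the row so the documented default matches what is deployed. In the new rows, "Create a IngressClass resource" should read "an IngressClass", and the `defaultCertSecret` row leaves the default column empty although values.yaml sets `""`.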
Expand All @@ -447,6 +455,9 @@ A full listing of Pomerium's configuration variables can be found on the [config

## Changelog

### 31.0.0
- Update to v0.17 of Pomerium
- Require `authenticate.ingress.tls.secretName` if `config.generateTLS` is not enabled
### 30.0.0
- Revert breaking config changes in 29.0.0
- Add `redis.auth.createSecret` flag
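Review bot: The second 31.0.0 entry states the requirement more broadly than validation.yaml enforces it: the new `fail` only triggers when `ingressController.enabled` is set, so the entry should carry that condition. The entry list also omits the new `ingressController.ingressClassResource.defaultCertSecret` value introduced in this commit.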
Expand Down Expand Up @@ -614,6 +625,9 @@ A full listing of Pomerium's configuration variables can be found on the [config

## Upgrading

### 31.0.0
- See [v0.17 upgrade guide](https://www.pomerium.com/docs/upgrading.html#since-0-16-0)
- If you have set `config.generateTLS=false` and are using the Ingress Controller, be sure you have provied a proper external certificate via `authenticate.ingress.tls.secretName`
### 30.0.0

- Rename `redis.auth.secret` to `redis.auth.existingSecret` in your values file
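Review bot: Typo in the second 31.0.0 bullet: "provied" should be "provided". The new section also runs straight into `### 30.0.0` with no blank line, while the 30.0.0 section has a blank line after its heading; the 31.0.0 section should use the same spacing.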
4 changes: 1 addition & 3 deletions charts/pomerium/templates/authenticate-ingress.yaml
Expand Up @@ -18,12 +18,10 @@ metadata:
{{- end }}
spec:
ingressClassName: {{ .Values.ingressController.ingressClassResource.name }}
{{- if .Values.authenticate.ingress.tls.secretName }}
tls:
- secretName: {{ .Values.authenticate.ingress.tls.secretName }}
- secretName: {{ default (include "pomerium.authenticate.tlsSecret.name" .) .Values.authenticate.ingress.tls.secretName }}
hosts:
- {{ include "pomerium.authenticate.hostname" . }}
{{- end }}
rules:
- host: {{ template "pomerium.authenticate.hostname" . }}
http:
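Review bot: With the `{{- if .Values.authenticate.ingress.tls.secretName }}` guard removed, the `tls:` block is always rendered and falls back to `pomerium.authenticate.tlsSecret.name`, so this Ingress can now name a secret that presumably exists only when `config.generateTLS` is on. The new check in validation.yaml covers that case only under `ingressController.enabled`; the lines shown here do not include this template's own guard, so confirm it is gated on the same condition. Otherwise the Authenticate Ingress can reference a certificate secret that was never created.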
5 changes: 4 additions & 1 deletion charts/pomerium/templates/ingressclass.yaml
Expand Up @@ -9,10 +9,13 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/component: ingressController
{{- if .Values.ingressController.ingressClassResource.default }}
annotations:
{{- if .Values.ingressController.ingressClassResource.default }}
ingressclass.kubernetes.io/is-default-class: "true"
{{- end }}
{{- with .Values.ingressController.ingressClassResource.defaultCertSecret }}
ingress.pomerium.io/default-cert-secret: {{ . }}
{{- end }}
spec:
controller: {{ .Values.ingressController.ingressClassResource.controllerName }}
{{- if .Values.ingressController.ingressClassResource.parameters -}}
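Review bot: `annotations:` is now emitted unconditionally, so with `default: false` and an empty `defaultCertSecret` the IngressClass renders an `annotations:` key with no entries. Wrap the key in `{{- if or .Values.ingressController.ingressClassResource.default .Values.ingressController.ingressClassResource.defaultCertSecret }}` so it only appears when one of the two annotations does. The value on the `ingress.pomerium.io/default-cert-secret` line is also written unquoted; `{{ . | quote }}` ensures the user-supplied `[namespace]/[name]` value is always rendered as a YAML string.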
5 changes: 4 additions & 1 deletion charts/pomerium/templates/validation.yaml
@@ -1,3 +1,6 @@
{{- if and (and .Values.ingressController.enabled (not .Values.ingressController.operatorMode)) .Values.config.insecureProxy -}}
{{ fail "`ingressController.enabled` is not compatible with `config.insecureProxy`" }}
{{- end -}}
{{- end -}}
{{- if and .Values.ingressController.enabled (not (or .Values.config.generateTLS .Values.authenticate.ingress.tls.secretName )) -}}
{{ fail "A TLS certificate must be available for Authenticate when using the ingress controller. Please set `config.generateTLS` or `authenticate.ingress.tls.secretName"}}
{{- end -}}
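Review bot: The new `fail` message is missing the closing backtick after `authenticate.ingress.tls.secretName`, so the error renders with unbalanced quoting. The first check in this file skips operator mode via `not .Values.ingressController.operatorMode`, while the new check does not; if a TLS certificate for Authenticate is not needed in operator mode the same exclusion belongs here, and if it is needed a short template comment saying so would make the difference intentional. The README documents that key as `ingressController.config.operatorMode`, which does not match the path used in this file.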
5 changes: 3 additions & 2 deletions charts/pomerium/values.yaml
Expand Up @@ -197,11 +197,12 @@ ingressController:
name: pomerium
controllerName: pomerium.io/ingress-controller
parameters: {}
defaultCertSecret: ""
fullnameOverride: ""
nameOverride: ""
image:
repository: "pomerium/ingress-controller"
tag: "v0.16.1"
tag: "v0.17.0"
deployment:
annotations: {}
extraEnv: {}
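Review bot: `defaultCertSecret: ""` is added without a comment, and the expected `[namespace]/[name]` format is only documented in README.md. A one-line comment above the key would make the values file self-describing, since whatever is set here is copied verbatim into the `ingress.pomerium.io/default-cert-secret` annotation.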
Expand Down Expand Up @@ -303,7 +304,7 @@ imagePullSecrets: ""

image:
repository: "pomerium/pomerium"
tag: "v0.16.4"
tag: "v0.17.0"
pullPolicy: "IfNotPresent"

metrics:
