What happened?
I installed Pomerium following these steps:
- I deployed this https://raw.githubusercontent.com/pomerium/ingress-controller/main/deployment.yaml
- I created idp-secret
- I created global pomerium:
  ```yaml
  apiVersion: ingress.pomerium.io/v1
  kind: Pomerium
  metadata:
    name: global
    namespace: sys-security
  spec:
    secrets: sys-security/bootstrap
    authenticate:
      url: https://auth-pre.example.team
    identityProvider:
      provider: google
      secret: sys-security/idp
    certificates:
      - sys-security/pomerium-proxy-tls
  ```
- I created Cert-manager Issuer:
  ```yaml
  apiVersion: cert-manager.io/v1
  kind: Issuer
  metadata:
    name: letsencrypt-staging
    namespace: sys-security
  spec:
    acme:
      server: https://acme-staging-v02.api.letsencrypt.org/directory
      email: myemail@gmail.com
      privateKeySecretRef:
        name: letsencrypt-staging
      solvers:
        - http01:
            ingress:
              class: pomerium
  ```
- I created the Certificate:
  ```yaml
  apiVersion: cert-manager.io/v1
  kind: Certificate
  metadata:
    name: pomerium-proxy-tls
    namespace: sys-security
  spec:
    secretName: pomerium-proxy-tls
    issuerRef:
      name: letsencrypt-staging
      kind: Issuer
      group: cert-manager.io
    commonName: "*.example.team"
    dnsNames:
      - "example.team"
      - "*.example.team"
      - "auth-pre.example.team"
    duration: 2160h
    renewBefore: 1440h
  ```
What did you expect to happen?
Pomerium should now be installed and running in my cluster, which I would verify by going to https://auth-pre.example.team in my browser.
What’s your environment like?
- pomerium/ingress-controller:main
- Kubernetes: 1.21.14-gke.14100
What’s your config.yaml?
```yaml
address: ":80"
grpc_address: ":80"
grpc_insecure: true
insecure_server: true
authenticate_service_url: https://auth-pre.example.team
idp_provider: 'google'
idp_client_id: '********'
idp_client_secret: '******'
```
What did you see in the logs?
```
{Pomerium: {…}, controller: bootstrap pod/pomerium-78c886b45f-khcvj, controllerGroup: ingress.pomerium.io, controllerKind: Pomerium,
error: certs: get sys-security/pomerium-proxy-tls: Secret "pomerium-proxy-tls" not found, level: error, msg: config rejected, name: global...
```
Additional context
I created a configmap based on config.yaml and then I mounted it in Pomerium’s Deployment.
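
A pre-flight check for manifests like the ones above, as an added example that is not part of the original post or of Pomerium or cert-manager: cert-manager writes the Secret named in `secretName` only after issuance succeeds, and ACME HTTP-01 cannot validate wildcard names. The dictionaries are constructed copies of the posted fields, the function names are hypothetical, and solver selectors are ignored as a simplifying assumption.

```python
# Constructed copies of the relevant fields from the manifests in the post.
ISSUER = {
    "kind": "Issuer",
    "metadata": {"name": "letsencrypt-staging", "namespace": "sys-security"},
    "spec": {"acme": {"solvers": [{"http01": {"ingress": {"class": "pomerium"}}}]}},
}
CERTIFICATE = {
    "metadata": {"name": "pomerium-proxy-tls", "namespace": "sys-security"},
    "spec": {
        "secretName": "pomerium-proxy-tls",
        "issuerRef": {"name": "letsencrypt-staging", "kind": "Issuer"},
        "commonName": "*.example.team",
        "dnsNames": ["example.team", "*.example.team", "auth-pre.example.team"],
    },
}


def requested_names(cert):
    """Every name the certificate asks for: commonName plus dnsNames, deduplicated."""
    spec = cert["spec"]
    names = [spec.get("commonName")] + list(spec.get("dnsNames", []))
    return list(dict.fromkeys(n for n in names if n))


def solver_types(issuer):
    """ACME challenge types ('http01', 'dns01') configured on the issuer."""
    solvers = issuer["spec"].get("acme", {}).get("solvers", [])
    return {key for s in solvers for key in s if key in ("http01", "dns01")}


def lint(cert, issuer):
    """Return findings that keep the Secret from being created; empty means none found."""
    findings = []
    ref = cert["spec"]["issuerRef"]
    if (ref["name"], ref.get("kind", "Issuer")) != (issuer["metadata"]["name"], issuer["kind"]):
        findings.append("issuerRef does not point at this issuer")
    elif issuer["kind"] == "Issuer" and (
            cert["metadata"].get("namespace") != issuer["metadata"].get("namespace")):
        # A namespaced Issuer only serves Certificates in its own namespace.
        findings.append("Issuer and Certificate are in different namespaces")
    # ACME HTTP-01 cannot validate wildcard names; those need a dns01 solver.
    if "dns01" not in solver_types(issuer):
        findings += [f"{n}: wildcard name needs a dns01 solver"
                     for n in requested_names(cert) if n.startswith("*.")]
    return findings


if __name__ == "__main__":
    print("\n".join(lint(CERTIFICATE, ISSUER)) or "no findings")
```
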