TrueNAS Scale / TrueCharts

TL;DR having gotten Pomerium working the way I wanted on my Synology a number of years ago in front of a set of Docker containers, I’m going to be repeating this on TrueNAS Scale which is k3s-based.

Long time user, first time caller. My venerable DS918+ (and DX517) is showing its age and lack of capacity, so I recently impulse-purchased a SER6 Pro (AMD platform NUC-like with 32GB of DDR5). I started with Proxmox, then TrueNAS, and now TrueNAS Scale. During that multi-step process, I gained a new appreciation for the job Synology does making an appliance out of a complex problem. (I am going to swap in Harbormaster someday instead of Portainer, tho…)

TrueNAS Scale has a built-in ingress which I’ve disabled and replaced with MetalLB and Traefik as part of TrueCharts, which appears to be what power users do. TrueCharts recommends Authelia + LLDAP + Traefik and while I’m sure that stack is lovely it doesn’t get me what I had with Pomerium.

Posting this in case folks have recommendations or links; my ultimate goal is to get Pomerium as part of upstream TrueCharts. (Note that TrueNAS Scale is very different vs. regular TrueNAS - it’s Linux, not BSD.) Time to read pomerium traefik auth proxy and start breaking things

Pomerium uses Envoy Proxy internally, and does not require another reverse proxy in front of it (i.e. Traefik or NGINX).

Forward auth support has been removed.

I am unfamiliar with TrueCharts but it feels like a Kubernetes - if so, then see this guide Installation | Pomerium

Yep, I’m coming in with very little background on TrueNAS Scale and a Pomerium installation on Synology that has run happily for literal years (well, since the last breaking change in config file formats).

It’s a Kubernetes! It also has some other conventions overlaid on it to make it more appliance-like, including some pretty strong integration with that particular stack; setting up new “apps” (charts) requires punching in a lot of Traefik specifics.