ingress-controller
ingress-controller copied to clipboard
pomerium
Pomerium Kubernetes Ingress Controller
## What happened? Users constantly being asked to reauthenticate with the AzureAD IDP, multiple times a day far more frequently then the desired 4 day pomerium session TTL. Seeing tens...
**Is your feature request related to a problem? Please describe.** in order to upgrade to K8S API v30, several breaking changes in the controller-runtime https://github.com/kubernetes-sigs/controller-runtime/pull/2783 have to be resolved **Describe...
**Is your feature request related to a problem? Please describe.** Pomerium perfectly supports serverless backends in the standalone setup (docker). For some reason option `enable_google_cloud_serverless_authentication` is not allowed _Ingress controller_...
**Is your feature request related to a problem? Please describe.** Currently, when using Pomerium as an ingress controller, configuring policies for access control requires embedding the policy rules directly within...
**Is your feature request related to a problem? Please describe.** Yes. A clear and concise description of what the problem is. It seems like pomerium can only support standard ports...
## Summary Implements the [tracing configs](https://www.pomerium.com/docs/reference/tracing) in the Pomerium CRD ## Checklist - [ ] reference any related issues - [x] updated docs - [ ] updated unit tests -...
Direct responses are described in https://github.com/pomerium/pomerium/issues/4954. We should support them in the ingress controller as well.
Would be helpful to be able to define following route configs via annotation: * `identity-provider-client-id-per-route` [(docs)](https://www.pomerium.com/docs/reference/routes/identity-provider-client-id-per-route) * `identity-provider-client-secret-per-route` ([docs](https://www.pomerium.com/docs/reference/routes/identity-provider-client-secret-per-route))
it is customary to generate kubernetes secrets based on the contents of the files. However if you occasionally do a newline there, the newline would get persisted inside a parameter...
## What happened? we made `authenticate` options of the CRD optional when hosted authenticate was introduced, it is now possible to set `identityProvider` portion of the CRD without filling in...