Upgrade to Pomerium v0.4.0

pomerium · Oct 10, 2019 · f71a4ab · f71a4ab
2 parents bd29c04 + c4c67de
commit f71a4ab
Show file tree

Hide file tree

Showing 6 changed files with 28 additions and 12 deletions.
diff --git a/Chart.yaml b/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 name: pomerium
-version: 3.0.1
-appVersion: 0.3.1
+version: 4.0.0
+appVersion: 0.4.0
 home: http://www.pomerium.io/
 icon: https://www.pomerium.io/logo.svg
 description: Pomerium is an identity-aware access proxy.

diff --git a/README.md b/README.md
@@ -11,9 +11,11 @@
     - [Self Provisioned](#self-provisioned)
   - [Configuration](#configuration)
   - [Changelog](#changelog)
+    - [4.0.0](#400)
     - [3.0.0](#300)
     - [2.0.0](#200)
   - [Upgrading](#upgrading)
+    - [4.0.0](#400-1)
     - [3.0.0](#300-1)
     - [2.0.0](#200-1)
   - [Metrics Discovery Configuration](#metrics-discovery-configuration)
@@ -141,6 +143,10 @@ A full listing of Pomerium's configuration variables can be found on the [config
 
 ## Changelog
 
+### 4.0.0
+- Upgrade to Pomerium v0.4.0
+- Handle breaking changes from Pomerium
+
 ### 3.0.0
 - Refactor TLS certificates to use Kubernetes TLS secrets
 - Generate TLS certificates in a hook to prevent certificate churn
@@ -153,6 +159,10 @@ A full listing of Pomerium's configuration variables can be found on the [config
 
 ## Upgrading
 
+### 4.0.0
+- There are no user facing changes in this chart release
+- See [Pomerium Changelog](https://www.pomerium.io/docs/upgrading.html#since-0-3-0) for internal details
+
 ### 3.0.0
 
 - This version moves all certificates to TLS secrets.  

diff --git a/templates/authenticate-deployment.yaml b/templates/authenticate-deployment.yaml
@@ -110,6 +110,10 @@ spec:
               name:  {{ template "pomerium.caSecret.name" . }}
               key:  {{ template "pomerium.caSecret.certName" . }}
 {{- else }}
+        - name: CERTIFICATE_FILE
+          value: "/pomerium/cert.pem"
+        - name: CERTIFICATE_KEY_FILE
+          value: "/pomerium/privkey.pem"
         - name: CERTIFICATE_AUTHORITY_FILE
           value: "/pomerium/ca.pem"
 {{- end }}

diff --git a/templates/authorize-deployment.yaml b/templates/authorize-deployment.yaml
@@ -82,6 +82,10 @@ spec:
               name:  {{ template "pomerium.caSecret.name" . }}
               key:  {{ template "pomerium.caSecret.certName" . }}
 {{- else }}
+        - name: CERTIFICATE_FILE
+          value: "/pomerium/cert.pem"
+        - name: CERTIFICATE_KEY_FILE
+          value: "/pomerium/privkey.pem"
         - name: CERTIFICATE_AUTHORITY_FILE
           value: "/pomerium/ca.pem"
 {{- end }}
@@ -97,15 +101,12 @@ spec:
             name: metrics
             protocol: TCP
         livenessProbe:
-          httpGet:
-            path: /ping
+          tcpSocket:
             port: https
-            scheme: HTTPS
+            initialDelaySeconds: 15
         readinessProbe:
-          httpGet:
-            path: /ping
+          tcpSocket:
             port: https
-            scheme: HTTPS
         resources:
 {{ toYaml .Values.resources | indent 10 }}
         volumeMounts:

diff --git a/templates/proxy-deployment.yaml b/templates/proxy-deployment.yaml
@@ -73,8 +73,6 @@ spec:
           value: {{ default (printf "https://authenticate.%s" .Values.config.rootDomain ) .Values.proxy.authenticateServiceUrl }}
         - name: AUTHORIZE_SERVICE_URL
           value: {{ default (printf "https://%s.%s.svc.cluster.local" (include "pomerium.authorize.fullname" .) .Release.Namespace ) .Values.proxy.authorizeInternalUrl}}
-        - name: AUTHENTICATE_INTERNAL_URL
-          value: {{ default (printf "https://%s.%s.svc.cluster.local" (include "pomerium.authenticate.fullname" .) .Release.Namespace ) .Values.proxy.authenticateInternalUrl}}
 {{- /* TODO in future: Remove legacy logic */ -}}
 {{- if .Values.config.existingLegacyTLSSecret }}
         - name: CERTIFICATE
@@ -93,6 +91,10 @@ spec:
               name:  {{ template "pomerium.caSecret.name" . }}
               key:  {{ template "pomerium.caSecret.certName" . }}
 {{- else }}
+        - name: CERTIFICATE_FILE
+          value: "/pomerium/cert.pem"
+        - name: CERTIFICATE_KEY_FILE
+          value: "/pomerium/privkey.pem"
         - name: CERTIFICATE_AUTHORITY_FILE
           value: "/pomerium/ca.pem"
 {{- end }}

diff --git a/values.yaml b/values.yaml
@@ -61,7 +61,6 @@ proxy:
   authenticateServiceUrl: ""
   authorizeServiceUrl: ""
   authorizeInternalUrl: ""
-  authenticateInternalUrl: ""
 
 service:
   # Service type can be set to ClusterIP, NodePort or LoadBalancer.
@@ -127,7 +126,7 @@ extraVolumes: {}
 
 image:
   repository: "pomerium/pomerium"
-  tag: "v0.3.1"
+  tag: "v0.4.0"
   pullPolicy: "IfNotPresent"
 
 metrics: