Open venkatamutyala opened 5 months ago
@venkatamutyala you can have Pomerium listen on a different port using the address
option. Does this fix your issue?
Thanks @calebdoxsey. It looks like it's not customizable in kubernetes. Is that accurate? I'm currently using your kustomize deployment method. Do i just need to shove that environment variable into the container some how?
Hi @venkatamutyala
I think you can adjust the LoadBalancer service:
apiVersion: v1
kind: Service
metadata:
name: pomerium-proxy
spec:
type: LoadBalancer
ports:
- port: 443
targetPort: https
protocol: TCP
name: https
- name: http
targetPort: http
protocol: TCP
port: 80
Changing 443
to 8443
would mean incoming URLs would come on example.com:8443
and then the route should match.
I appreciate the help. I just tried implementing this using port 9096 and i am still getting a route_not_found error:
I also tried updating the deployment of the pomerium ingress container to have the env variable ADDRESS = 9096
and same issue
In Kubernetes Pomerium runs on port 8443
. The behavior you're seeing doesn't make sense to me. I will attempt to reproduce this setup.
Ok I see the issue. Ingress rules do not support port numbers in the host
field. Pomerium requires non-443 routes to have the port number in their from
field. This is an incompatibility between ingress definitions and what Pomerium supports.
I have moved this issue to the ingress controller repository.
Thanks.
Related: https://github.com/pomerium/pomerium/issues/4460
Adding an option to ignore the port for matching would fix this issue as well.
Yes, let's investigate the feasibility of adding a config option to ignore the port.
Is your feature request related to a problem? Please describe.
Yes.
A clear and concise description of what the problem is.
It seems like pomerium can only support standard ports 80 and 443. If i do example.com:8443 it'll give me a 404.
Describe the solution you'd like
I'd like to be able to specify 8443 or another non-standard port
Describe alternatives you've considered
This works in curl but i don't think i can easily recreate this in a popular browser (ex. chrome):
Explain any additional use-cases
I'd like to keep port 80/443 for apps that use ingress-nginx ingress controller and i'd like to avoid having to get a second ipv4 address just to use pomerium
Additional context Related: