Install Pomerium Zero
This page provides steps to install Pomerium Zero for each supported deploy environment.
If you don't have an account yet, you can create a Pomerium Zero account for free.
- linux
- Kubernetes
- Docker
- Manual
Install Pomerium with the following shell script:
curl https://console.pomerium.app/install.bash | env POMERIUM_ZERO_TOKEN=<CLUSTER_TOKEN> bash -s install
Pomerium requires an internet-accessible server and the ability to bind port 443.
First, install Pomerium into your Kubernetes cluster:
kubectl apply -k github.com/pomerium/pomerium/k8s/zero\?ref=v0.26.0
Finally, create a secret to store the token used to authenticate your installation to Pomerium Zero:
apiVersion: v1
kind: Secret
metadata:
name: pomerium
namespace: pomerium-zero
type: Opaque
stringData:
pomerium_zero_token: <CLUSTER_TOKEN>
Save the following configuration as compose.yaml
:
services:
pomerium:
image: pomerium/pomerium:v0.26.0
ports:
- 443:443
restart: always
environment:
POMERIUM_ZERO_TOKEN: <CLUSTER_TOKEN>
XDG_CACHE_HOME: /var/cache
volumes:
- pomerium-cache:/var/cache
networks:
main:
aliases:
- verify.<CLUSTER_STARTER_SUBDOMAIN>.pomerium.app
verify:
image: cr.pomerium.com/pomerium/verify:latest
networks:
main:
aliases:
- verify
networks:
main: {}
volumes:
pomerium-cache:
Then, run the following command in the same directory:
docker compose up -d
Pomerium requires an internet-accessible server and the ability to bind port 443.
Use the following values as necessary to install or update Pomerium in accordance with your environment:
- Cluster Token
- env:
POMERIUM_ZERO_TOKEN
- Domain Name
Pass the provided Cluster Token into the POMERIUM_ZERO_TOKEN
environment variable.
The Domain Name refers to the cluster starter domain that's assigned to your cluster during onboarding.
For example, sure-colt-611.pomerium.app
.