Install Pomerium Zero
Learn how to install Pomerium Zero.
If you haven't signed up for Pomerium Zero, you can create an account for free.
Pomerium Zero provides a hosted configuration UI for managing your Pomerium configurations. You can migrate to Pomerium Zero by importing your existing configuration.
See Import Core Config to Zero for more information.
- Linux
- Kubernetes
- Docker
- Manual
Install Pomerium with the following shell script:
curl https://console.pomerium.app/install.bash | env POMERIUM_ZERO_TOKEN=<CLUSTER_TOKEN> bash -s install
Pomerium requires an internet-accessible server and the ability to bind port 443.
First, install Pomerium into your Kubernetes cluster:
kubectl apply -k github.com/pomerium/pomerium/k8s/zero
Finally, create a secret to store the token used to authenticate your installation to Pomerium Zero:
apiVersion: v1
kind: Secret
metadata:
name: pomerium
namespace: pomerium-zero
type: Opaque
stringData:
pomerium_zero_token: <CLUSTER_TOKEN>
Save the following configuration as compose.yaml
:
services:
pomerium:
image: pomerium/pomerium:v0.27.2
ports:
- 443:443
restart: always
environment:
POMERIUM_ZERO_TOKEN: <CLUSTER_TOKEN>
XDG_CACHE_HOME: /var/cache
volumes:
- pomerium-cache:/var/cache
networks:
main:
aliases:
- verify.<CLUSTER_STARTER_SUBDOMAIN>.pomerium.app
verify:
image: cr.pomerium.com/pomerium/verify:latest
networks:
main:
aliases:
- verify
networks:
main: {}
volumes:
pomerium-cache:
Then, run the following command in the same directory:
docker compose up -d
Pomerium requires an internet-accessible server and the ability to bind port 443.
Use the following values as necessary to install or update Pomerium in accordance with your environment:
- Cluster Token
- env:
POMERIUM_ZERO_TOKEN
- Domain Name
Pass the provided Cluster Token into the POMERIUM_ZERO_TOKEN
environment variable.
Domain Name refers to your cluster's starter domain.
Upgrade Pomerium Zero
Learn how to upgrade Pomerium Zero.
- Linux
- Kubernetes
- Docker
- Manual
To update Pomerium in Debian-based Linux systems:
- Check for new package updates and install Pomerium:
$ sudo apt update && sudo apt install pomerium
To update Pomerium in Red Hat-based Linux systems:
- Check for new package updates
$ sudo yum list updates
- Install the latest version of Pomerium:
$ sudo yum update pomerium
In v0.27, we updated the Kubernetes installation manifest to use a Deployment instead of a StatefulSet. Before upgrading, you must remove your existing StatefulSet. See the v0.27 Upgrade guide for specific instructions.
To update Pomerium in Kubernetes, run the following command:
$ kubectl apply -k github.com/pomerium/pomerium/k8s/zero\?ref=<X.Y.Z>
To update Pomerium in Docker:
- In your
compose.yaml
file, update the Pomerium image tag to specify the latest tagged release:
pomerium:
image: pomerium/pomerium:<vX.Y.Z>
- Run the following command:
$ docker compose up -d
Docker should automatically pull the new image of Pomerium before running the container. If for some reason Docker doesn't pull the image, you can manually run:
$ docker pull pomerium/pomerium:<vX.Y.Z>
For custom configurations, update the Pomerium image tag to the latest version.