Comments (13)
@StanislavBolshakov Great idea.
I spent the last few hours looking at how multi-architecture/os images could be supported, and it looks like the best way to do this is probably to get pomerium added as an official docker image.
see
- https://github.com/docker-library/official-images#multiple-architectures
- https://hub.docker.com/_/traefik
- https://github.com/hashicorp/docker-vault
- https://blog.docker.com/2017/11/multi-arch-all-the-things/
from pomerium.
I think adding pomerium as an official Docker image is quite a big step.
Maybe it would be easier to provide a separate armv6/7 pomerium-image (different tag) for the people using different kinds of "Pi's". This should satisfy a big group of people and you would be the first zero trust solution on ARM32-Docker as far as I know.
I am new to docker, so I am not a hundred percent sure how this works but my first guess is to exchange
FROM golang:alpine as build
with
FROM arm32v7/golang:alpine as build
Are there any other caveats one has to know?
(I could test it with a Banana Pi 1)
from pomerium.
@fightforlife If you are free to test, we can try giving this a go; see PR #95
from pomerium.
@desimone getting this error on step 6:
Sending build context to Docker daemon 36.86kB
Step 1/19 : FROM golang:alpine as build
alpine: Pulling from library/golang
c2a5cdd4aa08: Already exists
61912a55c401: Pull complete
c38eec8ecc12: Pull complete
1a84f6973d50: Extracting [===> ] 8.356MB/121MB
1a84f6973d50: Pull complete
361acb9197b7: Pull complete
Digest: sha256:1a5f8b6db670a7776ce5beeb69054a7cf7047a5d83176d39b94665a54cfb9756
Status: Downloaded newer image for golang:alpine
---> 7869b1303a7e
Step 2/19 : RUN apk --update --no-cache add ca-certificates git make
---> Running in 582820f9547b
fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/main/armv7/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/community/armv7/APKINDEX.tar.gz
(1/8) Installing nghttp2-libs (1.35.1-r0)
(2/8) Installing libssh2 (1.8.2-r0)
(3/8) Installing libcurl (7.64.0-r1)
(4/8) Installing libgcc (8.3.0-r0)
(5/8) Installing expat (2.2.6-r0)
(6/8) Installing pcre2 (10.32-r1)
(7/8) Installing git (2.20.1-r0)
(8/8) Installing make (4.2.1-r2)
Executing busybox-1.29.3-r10.trigger
OK: 14 MiB in 23 packages
Removing intermediate container 582820f9547b
---> d52825b5c589
Step 3/19 : ENV CGO_ENABLED=0
---> Running in dd3b85e9ede4
Removing intermediate container dd3b85e9ede4
---> 96112d6bd4fd
Step 4/19 : ENV GO111MODULE=on
---> Running in 8aa72f79f94a
Removing intermediate container 8aa72f79f94a
---> b7534fb6aef0
Step 5/19 : WORKDIR /go/src/github.com/pomerium/pomerium
---> Running in 3bc47c75a582
Removing intermediate container 3bc47c75a582
---> cd2d9817af18
Step 6/19 : COPY go.mod .
COPY failed: stat /var/lib/docker/tmp/docker-builder845369703/go.mod: no such file or directory
from pomerium.
@StanislavBolshakov thanks for testing this.
- Could you show me a little more details about your environment?
- What command are you using to run docker? If you are building from source (it looks like?), you need to do it from the root of the git repository. Sorry if that's not what you are doing, it's a little hard to tell.
- Can you pull from dockerhub (e.g. docker pull pomerium/pomerium:arm32v6-latest)?
from pomerium.
Hi together, I just quickly tested the two images from dockerhub (arm32v6 and arm32v7) on my Banana Pi M1 running Armbian Ubuntu 18.04.
I used the standard docker compose example without any configuration files (I am a little short on time)
The errors I am getting are just pointing to a missing configuration. (Same errors for arm32v6 and 7)
7:42PM INF cmd/pomerium service=all user-agent="pomerium/v0.0.3 (+github.com/pomerium/pomerium; 86a7040; go1.11.5)" version=v0.0.3+86a7040
7:42PM WRN identity/google: no service account, cannot retrieve groups
7:42PM FTL cmd/pomerium: new authorize error="authorize: `POLICY_FILE` policy file ./policy.yaml: is directory exists? false"
I will try to update this with the correct configuration in place in the next days. But at the moment it seems like it is working.
Thanks!
from pomerium.
So I just took the time and spun up a simple configuration with Google as Identity Provider and only one policy.
I get the Google login screen but after this I get a screen from Pomerium with a 500 Error.
I will recheck my configuration, just to be sure.
from pomerium.
@fightforlife Great to hear. If it's running as you described it sounds like it is working (unless something unexpected is going on with Go's arm support).
If you are able to print out the debug logs I can help you troubleshoot that.
from pomerium.
Hi can you help me
from pomerium.
@desimone
I was on vacation the last days, but today I was able to clear my problem (wrong certificates linked) and can say that pomerium is working fine on my Banana Pi inside docker.
Thank you very much! This will replace Pritunl Zero for me.
from pomerium.
@fightforlife That's great, I'm glad it is working for you!
If you wouldn't mind testing the latest dockerhub builds, it would be a huge help. I just want to make sure distroless and dockerhub automated builds are still working as expected for ARM?
See #102
from pomerium.
Closing for now, but if there is an issue please let me know. Arm should be generated on latest and tagged like normal releases going forward.
from pomerium.
arm32v7 build from 5 hours ago is working fine for me.
from pomerium.