Install Pomerium Zero

Learn how to install Pomerium Zero.

note

If you haven't signed up for Pomerium Zero, you can create an account for free.

info

Pomerium Zero provides a hosted configuration UI for managing your Pomerium configurations. You can migrate to Pomerium Zero by importing your existing configuration.

See Import Core Config to Zero for more information.

Kubernetes (Helm)

To install Pomerium with Helm, run the following command:

helm install pomerium-zero oci://docker.io/pomerium/pomerium-zero \
  --set pomeriumZeroToken=<CLUSTER_TOKEN> \
  --namespace pomerium-zero \
  --create-namespace

See the chart on GitHub for more details.

Kubernetes (Manual)

First, install Pomerium into your Kubernetes cluster:

kubectl apply -k github.com/pomerium/pomerium/k8s/zero

Finally, create a secret to store the token used to authenticate your installation to Pomerium Zero:

apiVersion: v1
kind: Secret
metadata:
  name: pomerium
  namespace: pomerium-zero
type: Opaque
stringData:
  pomerium_zero_token: <CLUSTER_TOKEN>

Docker

Save the following configuration as compose.yaml:

compose.yaml

services:
  pomerium:
    image: pomerium/pomerium:v0.28.0
    ports:
      - 443:443
    restart: always
    environment:
      POMERIUM_ZERO_TOKEN: <CLUSTER_TOKEN>
      XDG_CACHE_HOME: /var/cache
    volumes:
      - pomerium-cache:/var/cache
    networks:
      main:
        aliases:
          - verify.<CLUSTER_STARTER_SUBDOMAIN>.pomerium.app
  verify:
    image: cr.pomerium.com/pomerium/verify:latest
    networks:
      main:
        aliases:
          - verify

networks:
  main: {}

volumes:
  pomerium-cache:

Then, run the following command in the same directory:

docker compose up -d

Pomerium requires an internet-accessible server and the ability to bind port 443.

Linux

Install Pomerium with the following shell script:

curl https://console.pomerium.app/install.bash | env POMERIUM_ZERO_TOKEN=<CLUSTER_TOKEN> bash -s install

Pomerium requires an internet-accessible server and the ability to bind port 443.

Update Pomerium Zero

Learn how to update Pomerium Zero.

Kubernetes (Helm)

To update Pomerium with Helm, run the following command:

helm upgrade pomerium-zero oci://docker.io/pomerium/pomerium-zero \
  --namespace pomerium-zero \
  --version <X.Y.Z>

Kubernetes (Manual)

note

In v0.27, we updated the Kubernetes installation manifest to use a Deployment instead of a StatefulSet. Before upgrading, you must remove your existing StatefulSet. See the v0.27 Upgrade guide for specific instructions.

To update Pomerium in Kubernetes, run the following command:

$ kubectl apply -k github.com/pomerium/pomerium/k8s/zero\?ref=0.28.0

Docker

To update Pomerium in Docker:

1. In your compose.yaml file, update the Pomerium image tag to specify the latest tagged release:

pomerium:
  image: pomerium/pomerium:v0.28.0

1. Run the following command:

$ docker compose up -d

Docker should automatically pull the new image of Pomerium before running the container. If for some reason Docker doesn't pull the image, you can manually run:

$ docker pull pomerium/pomerium:v0.28.0

Linux

To update Pomerium in Debian-based Linux systems:

1. Check for new package updates and install Pomerium:

$ sudo apt update && sudo apt install pomerium

To update Pomerium in Red Hat-based Linux systems:

1. Check for new package updates

$ sudo yum list updates

1. Install the latest version of Pomerium:

$ sudo yum update pomerium