Pomerium

# Releases

Pomerium is shipped in multiple formats and architectures to suit a variety of deployment patterns. There are two binaries:

  • pomerium is the primary server component. It is a monolithic binary that can perform the function of any services mode.
  • pomerium-cli (optional) is a command-line client for working with Pomerium. Functions include acting as an authentication helper for tools like kubectl.

# pomerium

  • Supported Operating Systems: linux, darwin
  • Supported Architectures: amd64, arm64

# Binaries

Official binaries can be found on our GitHub Releases (opens new window) page.

ARCH=[your arch]
OS=[your os]
VERSION=[desired version]
curl -L https://github.com/pomerium/pomerium/releases/download/${VERSION}/pomerium-${OS}-${ARCH}.tar.gz \
    | tar -z -x

# Packages

  • Supported formats: rpm, deb
  • Requires systemd support

Official packages can be found on our GitHub Releases (opens new window) page or from Cloudsmith (opens new window).

# Example yum repo

[pomerium-pomerium]
name=pomerium-pomerium
baseurl=https://dl.cloudsmith.io/public/pomerium/pomerium/rpm/el/$releasever/$basearch
repo_gpgcheck=1
enabled=1
gpgkey=https://dl.cloudsmith.io/public/pomerium/pomerium/gpg.6E388440B94E1407.key
gpgcheck=1
sslverify=1
pkg_gpgcheck=1

# Example deb setup

curl -1sLf 'https://dl.cloudsmith.io/public/pomerium/pomerium/gpg.6E388440B94E1407.key' | apt-key add -
echo "deb https://dl.cloudsmith.io/public/pomerium/pomerium/deb/debian buster main" > /etc/apt/sources.list.d/pomerium-pomerium.list

# Docker Image

Pomerium utilizes a minimal (opens new window) docker container (opens new window). You can find Pomerium's images on dockerhub (opens new window). Pomerium can be pulled in several flavors and architectures.

Rootless images for official releases are also published to provide additional security. In these images, Pomerium runs as the nonroot user. Depending on your deployment environment, you may need to grant the container additional capabilities (opens new window) or change the listening port from 443.

  • :nonroot-vX.Y.Z: the rootless image for a specific release.
  • :nonroot: rootless equivalent to the latest tag.

Debug images are also available. These include shell environments to allow operators to perform debugging steps from inside the container. If the image you are using already has a tag, prepend debug- for the debug image. For example:

  • :debug-vX.Y.Z: the debug image for a specific release.
  • :debug-nonroot: the debug image for the latest nonroot image.
  • :debug: debug equivalent of the latest tag.

# Helm

Pomerium maintains a helm (opens new window) chart for easy Kubernetes deployment with best practices https://helm.pomerium.io/ (opens new window)

helm repo add pomerium https://helm.pomerium.io
helm install pomerium/pomerium

See the README (opens new window) for up to date install options.

# Source

TIP

Officially supported build platforms are limited by envoy proxy (opens new window).

git clone git@github.com:pomerium/pomerium.git
cd pomerium
make
./bin/pomerium --version

# pomerium-cli

  • Supported Operating Systems: linux, darwin, windows, freebsd
  • Supported Architectures: amd64, arm64, armv6, armv7

# Binaries

Official binaries can be found on our GitHub Releases (opens new window) page.

ARCH=[your arch]
OS=[your os]
VERSION=[desired version]
curl -L https://github.com/pomerium/cli/releases/download/${VERSION}/pomerium-cli-${OS}-${ARCH}.tar.gz \
    | tar -z -x

# Packages

  • Supported formats: rpm, deb

Official packages can be found on our GitHub Releases (opens new window) page or from Cloudsmith (opens new window).

# Example yum repo

[pomerium-pomerium]
name=pomerium-pomerium
baseurl=https://dl.cloudsmith.io/public/pomerium/pomerium/rpm/el/$releasever/$basearch
repo_gpgcheck=1
enabled=1
gpgkey=https://dl.cloudsmith.io/public/pomerium/pomerium/gpg.6E388440B94E1407.key
gpgcheck=1
sslverify=1
pkg_gpgcheck=1

# Example deb setup

curl -1sLf 'https://dl.cloudsmith.io/public/pomerium/pomerium/gpg.6E388440B94E1407.key' | apt-key add -
echo "deb https://dl.cloudsmith.io/public/pomerium/pomerium/deb/debian buster main" > /etc/apt/sources.list.d/pomerium-pomerium.list

# Homebrew

brew tap pomerium/tap
brew install pomerium-cli

# Docker Image

The CLI utilizes a minimal (opens new window) docker container (opens new window). You can find the Pomerium CLI image on dockerhub (opens new window). It can be pulled in several flavors and architectures.

# Source

git clone git@github.com:pomerium/cli.git
cd pomerium
make build
./bin/pomerium-cli --help

# Pomerium Desktop

The Desktop Client is available from GitHub (opens new window) as an exe, dmg, and AppImage.

# Release cycle

The current release cycle is aligned on a monthly basis. Pre-1.0.0 we target a MINOR release on or around the first day of each month. We try to hit the targets as closely as possible, while still delivering a quality release.

Pomerium uses Semantic Versioning (opens new window). In practice this means for a given version number vMAJOR.MINOR.PATCH (e.g. v0.1.0):

  • MAJOR indicates an incompatible API change,
  • MINOR indicates a new functionality in a backwards-compatible manner, and
  • PATCH indicates a backwards-compatible bug fixe.

As Pomerium is still pre-v1.0.0, breaking changes between releases should be expected.

To see difference between releases, please refer to the changelog and upgrading documents.

Edit this page on GitHub (opens new window)
Last Updated: 2/15/2022, 9:02:40 PM


Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. Pomerium is a registered trademark.

Architecture