Announcing Pomerium v0.28

Pomerium v0.28 is here, packed with major updates enhancing our Kubernetes integration, deployment flexibility, and security configurations across all editions. This release also includes significant performance optimizations and several critical bug fixes.

Downloads are available on GitHub Releases, CloudSmith, and Docker Hub for all supported platforms.

Securing Kubernetes Control Plane with Structured Authentication Configuration

In v0.28.0, Pomerium added support for Structured Authentication Configuration ( Kubernetes 1.30+) enabling secure kubectl and Kubernetes API access. Beyond basic Kubernetes RBAC, Pomerium brings the same centralized, context-aware authorization capabilities you love so you can manage your Kubernetes control plane like it was any other workload. 

For more details, visit our Kubernetes Access documentation.

Gateway API Support

Our Ingress Controller now includes experimental support for the Kubernetes Gateway API, designed to streamline ingress configuration and enhance role-based resource management in complex Kubernetes environments.

The new Gateway API integration means: 

• Role-Based Resource Management: Enables role-based controls, providing greater flexibility in multi-tenant and large-scale Kubernetes deployments.

• Supported Features: Supports Gateway API v1.2 "Core" features, with both "Gateway" and "HTTP" conformance profiles.

Current capabilities include:

• Protocol: HTTPS-only listener support to ensure security during session-based authentication.

• Route Types: Currently supports HTTPRoute, with plans to add GRPCRoute in future releases.

• Header Matching: Supports header overwriting (using "set" field) but does not support appending.

We’re actively expanding Gateway API support and welcome your feedback to guide future improvements.

Simplified Kubernetes Deployments with Helm and Kustomize

Deploying Pomerium Zero has never been easier. Our new Helm chart, alongside existing Kustomize manifests, enables quick and seamless integration into Kubernetes environments. This approach ensures:

Effortless Setup: Deploy Pomerium Zero swiftly with minimal configuration, fitting right into your existing workflows.

Consistency Across Environments: Helm and Kustomize allow you to standardize deployments, making updates and maintenance simpler and more reliable.

Ready to get started? Check out our setup guide in our installs repo.

Performance Enhancements

This release also delivers improved request handling performance and scalability through more efficient processing of header evaluations and route matching.

Faster header evaluation: In our testing, authenticated routes were processed up to twice as quickly leading to higher throughput and lower request latency.

More efficient route matching: Our route matching optimization allows Pomerium to scale the number of routes even higher, unlocking enterprise use cases of tens of thousands of routes within a given cluster

For a complete list of other improvements, check out our changelog.

Meet Us at KubeCon

Catch the Pomerium Development Team at KubeCon 2024 in Salt Lake City from November 12-15. Stop by our booth (Q29) to chat about how Pomerium can meet your access management needs.

Thank you for your ongoing support! We’re committed to advancing Pomerium to help secure and streamline your operations.