Skip to main content

Releases

Pomerium is shipped in multiple formats and architectures to suit a variety of deployment patterns. There are two binaries:

  • pomerium is the primary server component. It is a monolithic binary that can perform the function of any services mode.
  • pomerium-cli (optional) is a command-line client for working with Pomerium. Functions include acting as an authentication helper for tools like kubectl.

Pomerium

  • Supported Operating Systems: linux, darwin
  • Supported Architectures: amd64, arm64

Binaries

Official binaries can be found on our GitHub Releases page.

ARCH=[your arch]
OS=[your os]
VERSION=[desired version]
curl -L https://github.com/pomerium/pomerium/releases/download/${VERSION}/pomerium-${OS}-${ARCH}.tar.gz \
    | tar -z -x

Packages

  • Supported formats: rpm, deb
  • Requires systemd support

Official packages can be found on our GitHub Releases page or from Cloudsmith.

/etc/yum.repos.d/pomerium-pomerium.repo
[pomerium-pomerium]
name=pomerium-pomerium
baseurl=https://dl.cloudsmith.io/public/pomerium/pomerium/rpm/el/$releasever/$basearch
repo_gpgcheck=1
enabled=1
gpgkey=https://dl.cloudsmith.io/public/pomerium/pomerium/gpg.6E388440B94E1407.key
gpgcheck=1
sslverify=1
pkg_gpgcheck=1

Docker Image

Pomerium utilizes a minimal docker container. You can find Pomerium's images on dockerhub. Pomerium can be pulled in several flavors and architectures.

  • :vX.Y.Z: which will pull the a specific tagged release.

    docker run pomerium/pomerium:v0.1.0 --version
    v0.1.0+53bfa4e

  • :latest: which will pull the most recent tagged release.

    docker pull pomerium/pomerium:latest && docker run pomerium/pomerium:latest --version
    v0.2.0+87e214b

  • :main : which will pull an image in sync with git's main branch.

    docker pull pomerium/pomerium:main

Rootless images for official releases are also published to provide additional security. In these images, Pomerium runs as the nonroot user. Depending on your deployment environment, you may need to grant the container additional capabilities or change the listening port from 443.

  • :nonroot-vX.Y.Z: the rootless image for a specific release.
  • :nonroot: rootless equivalent to the latest tag.

Debug images are also available. These include shell environments to allow operators to perform debugging steps from inside the container. If the image you are using already has a tag, prepend debug- for the debug image. For example:

  • :debug-vX.Y.Z: the debug image for a specific release.
  • :debug-nonroot: the debug image for the latest nonroot image.
  • :debug: debug equivalent of the latest tag.

Helm

Pomerium maintains a helm chart for easy Kubernetes deployment with best practices https://helm.pomerium.io/

helm repo add pomerium https://helm.pomerium.io
helm install pomerium/pomerium

See the README for up to date install options.

Source

tip

Officially supported build platforms are limited by envoy proxy.

git clone git@github.com:pomerium/pomerium.git
cd pomerium
make
./bin/pomerium --version

pomerium-cli

  • Supported Operating Systems: linux, darwin, windows, freebsd
  • Supported Architectures: amd64, arm64, armv6, armv7

Binaries

Official binaries can be found on our GitHub Releases page.

ARCH=[your arch]
OS=[your os]
VERSION=[desired version]
curl -L https://github.com/pomerium/cli/releases/download/${VERSION}/pomerium-cli-${OS}-${ARCH}.tar.gz \
    | tar -z -x

Packages

  • Supported formats: rpm, deb

Official packages can be found on our GitHub Releases page or from Cloudsmith.

/etc/yum.repos.d/pomerium-cli.repo
[pomerium-pomerium]
name=pomerium-pomerium
baseurl=https://dl.cloudsmith.io/public/pomerium/pomerium/rpm/el/$releasever/$basearch
repo_gpgcheck=1
enabled=1
gpgkey=https://dl.cloudsmith.io/public/pomerium/pomerium/gpg.6E388440B94E1407.key
gpgcheck=1
sslverify=1
pkg_gpgcheck=1

Homebrew

brew tap pomerium/tap
brew install pomerium-cli

Docker Image

The CLI utilizes a minimal docker container. You can find the Pomerium CLI image on dockerhub. It can be pulled in several flavors and architectures.

  • :vX.Y.Z: which will pull the a specific tagged release.

    docker run pomerium/cli:v0.1.0 --version
    v0.1.0+53bfa4e

  • :latest: which will pull the most recent tagged release.

    docker run pomerium/cli:latest --version
    v0.2.0+87e214b

  • :main : which will pull an image in sync with git's main branch.

    docker pull pomerium/cli:main

Source

git clone git@github.com:pomerium/cli.git
cd pomerium
make build
./bin/pomerium-cli --help

Pomerium Desktop

The Desktop Client is available from GitHub as an exe, dmg, and AppImage.

Alternatively, on Mac.

brew tap pomerium/tap
brew install pomerium-desktop

Release cycle

The current release cycle is aligned on a monthly basis. Pre-1.0.0 we target a MINOR release on or around the first day of each month. We try to hit the targets as closely as possible, while still delivering a quality release.

Pomerium uses Semantic Versioning. In practice this means for a given version number vMAJOR.MINOR.PATCH (e.g. v0.1.0):

  • MAJOR indicates an incompatible API change,
  • MINOR indicates a new functionality in a backwards-compatible manner, and
  • PATCH indicates a backwards-compatible bug fixe.

As Pomerium is still pre-v1.0.0, breaking changes between releases should be expected.

To see difference between releases, please refer to the changelog and upgrading documents.