Skip to content

Commit 816a2c6

Browse files
committed
pre-commit changes
1 parent b945ff2 commit 816a2c6

File tree

1 file changed

+4
-7
lines changed

1 file changed

+4
-7
lines changed

content/docs/internals/configuration.mdx

+4-7
Original file line numberDiff line numberDiff line change
@@ -33,13 +33,11 @@ See the [reference](/docs/reference) page for a complete list of available optio
3333

3434
## All-In-One vs Split Service mode
3535

36-
Pomerium's default mode is all-in-one mode. It run all the indivudual [components](/docs/internals/architecture#component-level) in a single container or under a single system service. This is our suggested way to run Pomerium. Alternatively, each of those component services can be configured and run separately in split mode.
36+
Pomerium's default mode is all-in-one mode. It run all the individual [components](/docs/internals/architecture#component-level) in a single container or under a single system service. This is our suggested way to run Pomerium. Alternatively, each of those component services can be configured and run separately in split mode.
3737

38-
All-in-one mode has the easiest configuration and successfully used in large production environments. All the configuration goes in a single `config.yaml` file or single set of environment variables.
39-
When running Pomerium as a single system service or container, all the options on this page can be set in a single `config.yaml` file, or passed to the single instance as environment variables. Internal communication is configured automatically requiring no addtional setup.
40-
41-
Alternatively, each component can be run separately in split-mode using the [service mode](/docs/reference/service-mode) key to specify which component to run. Each of these needs to be configured separately, and communication between components must be explicitly configured including managing tls certificates.
38+
All-in-one mode has the easiest configuration and successfully used in large production environments. All the configuration goes in a single `config.yaml` file or single set of environment variables. When running Pomerium as a single system service or container, all the options on this page can be set in a single `config.yaml` file, or passed to the single instance as environment variables. Internal communication is configured automatically requiring no additional setup.
4239

40+
Alternatively, each component can be run separately in split-mode using the [service mode](/docs/reference/service-mode) key to specify which component to run. Each of these needs to be configured separately, and communication between components must be explicitly configured including managing tls certificates.
4341

4442
## Service Mode
4543

@@ -61,8 +59,7 @@ For almost all use cases it's desirable to run in "all-in-one" mode. This reduce
6159

6260
Split service mode is only advised for learning how the components interact, extremely security constrained environments or to workaround constraints in host environment.
6361

64-
The split service mode can limit the blast radius in the event of a compromised container and can enable independet scaling of components. These features come with some downsides. There will be increased latency to the authorize service, which is consulted on every request. In addition to complicating upgrades, the additional configuration makes debugging configuration errors more difficult.
65-
In larger footprints, it is recommended to run Pomerium as a collection of discrete service clusters. This limits blast radius in the event of vulnerabilities and allows for per-service [scaling](#scaling) and monitoring.
62+
The split service mode can limit the blast radius in the event of a compromised container and can enable independent scaling of components. These features come with some downsides. There will be increased latency to the authorize service, which is consulted on every request. In addition to complicating upgrades, the additional configuration makes debugging configuration errors more difficult. In larger footprints, it is recommended to run Pomerium as a collection of discrete service clusters. This limits blast radius in the event of vulnerabilities and allows for per-service [scaling](#scaling) and monitoring.
6663

6764
Please also see [Architecture](/docs/internals/architecture) for information on component interactions.
6865

0 commit comments

Comments
 (0)