ContainerImage.Pinniped/README.md

<img src="site/content/docs/img/pinniped_logo.svg" alt="Pinniped Logo" width="100%"/>

## Overview

Pinniped provides identity services to Kubernetes.

Pinniped allows cluster administrators to easily plug in external identity
providers (IDPs) into Kubernetes clusters. This is achieved via a uniform
install procedure across all types and origins of Kubernetes clusters,
declarative configuration via Kubernetes APIs, enterprise-grade integrations
with IDPs, and distribution-specific integration strategies.

### Example Use Cases

* Your team uses a large enterprise IDP, and has many clusters that they
  manage. Pinniped provides:
  * Seamless and robust integration with the IDP
  * Easy installation across clusters of any type and origin
  * A simplified login flow across all clusters
* Your team shares a single cluster. Pinniped provides:
  * Simple configuration to integrate an IDP
  * Individual, revocable identities

### Architecture

The Pinniped Supervisor component offers identity federation to enable a user to
access multiple clusters with a single daily login to their external IDP. The
Pinniped Supervisor supports various external [IDP
types](https://github.com/vmware-tanzu/pinniped/tree/main/generated/1.19#k8s-api-idp-supervisor-pinniped-dev-v1alpha1).

The Pinniped Concierge component offers credential exchange to enable a user to
exchange an external credential for a short-lived, cluster-specific
credential. Pinniped supports various [authentication
methods](https://github.com/vmware-tanzu/pinniped/tree/main/generated/1.19#authenticationconciergepinnipeddevv1alpha1)
and implements different integration strategies for various Kubernetes
distributions to make authentication possible.

The Pinniped Concierge can be configured to hook into the Pinniped Supervisor's
federated credentials, or it can authenticate users directly via external IDP
credentials.

To learn more, see [architecture](https://pinniped.dev/docs/architecture/).

<img src="site/content/docs/img/pinniped_architecture_concierge_supervisor.svg" alt="Pinniped Architecture Sketch" width="300px"/>

## Trying Pinniped

Care to kick the tires? It's easy to [install and try Pinniped](https://pinniped.dev/docs/demo/).

## Discussion

Got a question, comment, or idea? Please don't hesitate to reach out via the GitHub [Discussions](https://github.com/vmware-tanzu/pinniped/discussions) tab at the top of this page.

## Contributions

Contributions are welcome. Before contributing, please see the [contributing guide](CONTRIBUTING.md).

## Reporting Security Vulnerabilities

Please follow the procedure described in [SECURITY.md](SECURITY.md).

## License

Pinniped is open source and licensed under Apache License Version 2.0. See [LICENSE](LICENSE).

Copyright 2020 the Pinniped contributors. All Rights Reserved.
Remove duplicate documentation images from the repo and change all links to point to the Hugo site 2020-12-02 18:27:34 +00:00			`<img src="site/content/docs/img/pinniped_logo.svg" alt="Pinniped Logo" width="100%"/>`
First draft of moving API server TLS cert generation to controllers - Refactors the existing cert generation code into controllers which read and write a Secret containing the certs - Does not add any new functionality yet, e.g. no new handling for cert expiration, and no leader election to allow for multiple servers running simultaneously - This commit also doesn't add new tests for the cert generation code, but it should be more unit testable now as controllers 2020-08-09 17:04:05 +00:00
First draft of public README (and neighboring docs) Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-08-26 14:06:21 +00:00			`## Overview`

			`Pinniped provides identity services to Kubernetes.`

Doc updates 2020-08-27 17:14:03 +00:00			`Pinniped allows cluster administrators to easily plug in external identity`
First draft of public README (and neighboring docs) Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-08-26 14:06:21 +00:00			`providers (IDPs) into Kubernetes clusters. This is achieved via a uniform`
			`install procedure across all types and origins of Kubernetes clusters,`
			`declarative configuration via Kubernetes APIs, enterprise-grade integrations`
Doc updates 2020-08-27 17:14:03 +00:00			`with IDPs, and distribution-specific integration strategies.`
First draft of public README (and neighboring docs) Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-08-26 14:06:21 +00:00
Doc updates 2020-08-27 17:14:03 +00:00			`### Example Use Cases`
First draft of public README (and neighboring docs) Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-08-26 14:06:21 +00:00
Doc updates 2020-08-27 17:14:03 +00:00			`* Your team uses a large enterprise IDP, and has many clusters that they`
			`manage. Pinniped provides:`
			`* Seamless and robust integration with the IDP`
			`* Easy installation across clusters of any type and origin`
			`* A simplified login flow across all clusters`
			`* Your team shares a single cluster. Pinniped provides:`
			`* Simple configuration to integrate an IDP`
			`* Individual, revocable identities`
First draft of public README (and neighboring docs) Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-08-26 14:06:21 +00:00
			`### Architecture`

README.md: first draft of Supervisor additions Signed-off-by: Margo Crawford <margaretc@vmware.com> 2020-12-17 20:36:33 +00:00			`The Pinniped Supervisor component offers identity federation to enable a user to`
			`access multiple clusters with a single daily login to their external IDP. The`
			`Pinniped Supervisor supports various external [IDP`
			`types](https://github.com/vmware-tanzu/pinniped/tree/main/generated/1.19#k8s-api-idp-supervisor-pinniped-dev-v1alpha1).`

			`The Pinniped Concierge component offers credential exchange to enable a user to`
			`exchange an external credential for a short-lived, cluster-specific`
			`credential. Pinniped supports various [authentication`
			`methods](https://github.com/vmware-tanzu/pinniped/tree/main/generated/1.19#authenticationconciergepinnipeddevv1alpha1)`
			`and implements different integration strategies for various Kubernetes`
Doc updates 2020-08-27 17:14:03 +00:00			`distributions to make authentication possible.`

README.md: first draft of Supervisor additions Signed-off-by: Margo Crawford <margaretc@vmware.com> 2020-12-17 20:36:33 +00:00			`The Pinniped Concierge can be configured to hook into the Pinniped Supervisor's`
			`federated credentials, or it can authenticate users directly via external IDP`
			`credentials.`

Remove duplicate docs from the repo and change all links to point to the Hugo site 2020-11-22 14:44:02 +00:00			`To learn more, see [architecture](https://pinniped.dev/docs/architecture/).`
Add more subtitles to README.md 2020-08-27 22:11:38 +00:00
Change image reference on README, Also clarified some wording between authenticators and identity providers 2020-12-18 23:09:50 +00:00			`<img src="site/content/docs/img/pinniped_architecture_concierge_supervisor.svg" alt="Pinniped Architecture Sketch" width="300px"/>`
First draft of public README (and neighboring docs) Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-08-26 14:06:21 +00:00
Add demo instructions Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-09-15 19:10:20 +00:00			`## Trying Pinniped`

Remove duplicate docs from the repo and change all links to point to the Hugo site 2020-11-22 14:44:02 +00:00			`Care to kick the tires? It's easy to [install and try Pinniped](https://pinniped.dev/docs/demo/).`
Add demo instructions Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-09-15 19:10:20 +00:00
Add link to GitHub Discussions on the main README 2020-09-29 23:46:18 +00:00			`## Discussion`

			`Got a question, comment, or idea? Please don't hesitate to reach out via the GitHub [Discussions](https://github.com/vmware-tanzu/pinniped/discussions) tab at the top of this page.`

Doc updates 2020-08-27 17:14:03 +00:00			`## Contributions`
First draft of public README (and neighboring docs) Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-08-26 14:06:21 +00:00
Rename the CoC and contributor guide to the names GitHub recognizes. These special names are recognized by GitHub, for example on https://github.com/vmware-tanzu/pinniped/community. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-10-02 20:00:23 +00:00			`Contributions are welcome. Before contributing, please see the [contributing guide](CONTRIBUTING.md).`
Rename project 2020-08-20 17:54:15 +00:00
First draft of instructions to report security vulnerabilities 2020-08-27 22:02:11 +00:00			`## Reporting Security Vulnerabilities`

			`Please follow the procedure described in [SECURITY.md](SECURITY.md).`

Fix some copy issues in the docs 2020-08-27 12:39:20 +00:00			`## License`
Rename project 2020-08-20 17:54:15 +00:00
Update documentation to use the deployment YAML files from the releases 2020-09-25 00:55:53 +00:00			`Pinniped is open source and licensed under Apache License Version 2.0. See [LICENSE](LICENSE).`
Rename project 2020-08-20 17:54:15 +00:00
Update copyright to reference Pinniped contributors Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-09-16 14:05:51 +00:00			`Copyright 2020 the Pinniped contributors. All Rights Reserved.`