From 157d041b6aefdf0a8ffdd1c82c9db5ecd96922af Mon Sep 17 00:00:00 2001 From: Andrew Keesler Date: Thu, 17 Dec 2020 15:36:33 -0500 Subject: [PATCH] README.md: first draft of Supervisor additions Signed-off-by: Margo Crawford --- README.md | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 7f1c133d..1541362b 100644 --- a/README.md +++ b/README.md @@ -23,11 +23,22 @@ with IDPs, and distribution-specific integration strategies. ### Architecture -Pinniped offers credential exchange to enable a user to exchange an external IDP -credential for a short-lived, cluster-specific credential. Pinniped supports various -IDP types and implements different integration strategies for various Kubernetes +The Pinniped Supervisor component offers identity federation to enable a user to +access multiple clusters with a single daily login to their external IDP. The +Pinniped Supervisor supports various external [IDP +types](https://github.com/vmware-tanzu/pinniped/tree/main/generated/1.19#k8s-api-idp-supervisor-pinniped-dev-v1alpha1). + +The Pinniped Concierge component offers credential exchange to enable a user to +exchange an external credential for a short-lived, cluster-specific +credential. Pinniped supports various [authentication +methods](https://github.com/vmware-tanzu/pinniped/tree/main/generated/1.19#authenticationconciergepinnipeddevv1alpha1) +and implements different integration strategies for various Kubernetes distributions to make authentication possible. +The Pinniped Concierge can be configured to hook into the Pinniped Supervisor's +federated credentials, or it can authenticate users directly via external IDP +credentials. + To learn more, see [architecture](https://pinniped.dev/docs/architecture/). Pinniped Architecture Sketch