Merge branch 'main' of github.com:vmware-tanzu/pinniped into active-directory-identity-provider

This commit is contained in:
Margo Crawford 2021-08-26 20:42:16 -07:00
commit 19100d68ef
6 changed files with 138 additions and 4 deletions

View File

@ -501,6 +501,7 @@ func (c *agentController) newAgentDeployment(controllerManagerPod *corev1.Pod) *
RunAsUser: pointer.Int64Ptr(0), RunAsUser: pointer.Int64Ptr(0),
RunAsGroup: pointer.Int64Ptr(0), RunAsGroup: pointer.Int64Ptr(0),
}, },
HostNetwork: controllerManagerPod.Spec.HostNetwork,
}, },
}, },

View File

@ -151,6 +151,16 @@ func TestAgentController(t *testing.T) {
}, },
} }
// The host network setting from the kube-controller-manager pod should be applied on the
// deployment.
healthyKubeControllerManagerPodWithHostNetwork := healthyKubeControllerManagerPod.DeepCopy()
healthyKubeControllerManagerPodWithHostNetwork.Spec.HostNetwork = true
// We create an agent deployment that does not use host network and expect the
// controller to add 'hostNetwork: true' to the spec.
healthyAgentDeploymentWithHostNetwork := healthyAgentDeployment.DeepCopy()
healthyAgentDeploymentWithHostNetwork.Spec.Template.Spec.HostNetwork = true
// Make another kube-controller-manager pod that's similar, but does not have the CLI flags we're expecting. // Make another kube-controller-manager pod that's similar, but does not have the CLI flags we're expecting.
// We should handle this by falling back to default values for the cert and key paths. // We should handle this by falling back to default values for the cert and key paths.
healthyKubeControllerManagerPodWithoutArgs := healthyKubeControllerManagerPod.DeepCopy() healthyKubeControllerManagerPodWithoutArgs := healthyKubeControllerManagerPod.DeepCopy()
@ -461,6 +471,31 @@ func TestAgentController(t *testing.T) {
LastUpdateTime: metav1.NewTime(now), LastUpdateTime: metav1.NewTime(now),
}, },
}, },
{
name: "deployment exists, but missing host network from kube-controller-manager",
pinnipedObjects: []runtime.Object{
initialCredentialIssuer,
},
kubeObjects: []runtime.Object{
healthyKubeControllerManagerPodWithHostNetwork,
healthyAgentDeployment,
healthyAgentPod,
},
wantDistinctErrors: []string{
"failed to get kube-public/cluster-info configmap: configmap \"cluster-info\" not found",
},
wantAgentDeployment: healthyAgentDeploymentWithHostNetwork,
wantStrategy: &configv1alpha1.CredentialIssuerStrategy{
Type: configv1alpha1.KubeClusterSigningCertificateStrategyType,
Status: configv1alpha1.ErrorStrategyStatus,
Reason: configv1alpha1.CouldNotGetClusterInfoStrategyReason,
Message: "failed to get kube-public/cluster-info configmap: configmap \"cluster-info\" not found",
LastUpdateTime: metav1.NewTime(now),
},
wantDistinctLogs: []string{
`kube-cert-agent-controller "level"=0 "msg"="updating existing deployment" "deployment"={"name":"pinniped-concierge-kube-cert-agent","namespace":"concierge"} "templatePod"={"name":"kube-controller-manager-1","namespace":"kube-system"}`,
},
},
{ {
name: "deployment exists, configmap missing", name: "deployment exists, configmap missing",
pinnipedObjects: []runtime.Object{ pinnipedObjects: []runtime.Object{
@ -562,7 +597,7 @@ func TestAgentController(t *testing.T) {
}, },
}, },
{ {
name: "deployment exists, configmap is valid,, exec into agent pod fails", name: "deployment exists, configmap is valid, exec into agent pod fails",
pinnipedObjects: []runtime.Object{ pinnipedObjects: []runtime.Object{
initialCredentialIssuer, initialCredentialIssuer,
}, },

View File

@ -0,0 +1,53 @@
---
title: Pinniped Resources
layout: section
---
<div class="hero subpage">
<div class="wrapper">
<h1>Resources</h1>
</div>
</div>
<div class="wrapper resources">
<h2>Resources about Pinniped, such as videos, podcasts, and community articles</h2>
<div class="grid three">
<div class="col">
<div class="embed-responsive">
<iframe class="embed-responsive-item"
src="https://www.youtube-nocookie.com/embed/YGeO1jKfgac?start=138"
title="YouTube video player"
frameborder="0"
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
allowfullscreen>
</iframe>
</div>
<div class="content">
<p>
<a href="https://www.cncf.io/online-programs/cncf-live-webinar-easy-secure-kubernetes-authentication-with-pinniped/"
target="_blank">
CNCF Live Webinar: Easy, Secure Kubernetes Authentication With Pinniped - August 24, 2021
[VIDEO]
</a>
<a href="https://docs.google.com/presentation/d/1euA62C7SHQpHewPqPaxTvNEKdvyNOdU9MDWh3YN3NvY/edit?usp=sharing"
target="_blank">
[SLIDES]
</a>
</p>
</div>
</div>
<div class="col">
<a href="https://github.com/vmware-tanzu/pinniped">
<div class="icon">
<img src="/img/logo.svg"/>
</div>
<div class="content">
<p class="strong">Pinniped Source Code:</p>
<p>https://github.com/vmware-tanzu/pinniped</p>
</div>
</a>
</div>
</div>
</div>

File diff suppressed because one or more lines are too long

View File

@ -400,6 +400,49 @@
} }
} }
.resources {
background-color: #fff;
margin-top: -90px;
padding: 30px 30px 50px 30px;
.embed-responsive {
position: relative;
&:before {
padding-top: 56.25%;
display: block;
content: "";
}
.embed-responsive-item {
position: absolute;
top: 0;
bottom: 0;
left: 0;
width: 100%;
height: 100%;
border: 0;
}
}
.grid {
.col {
border: 1px solid #F2F2F2;
.icon {
display: flex;
align-items: center;
justify-content: center;
min-height: 140px;
}
.content {
padding: 0px 20px 20px 20px;
text-align: center;
h3 {
margin-top: 0px;
}
}
}
}
}
.docs { .docs {
background-color: #fff; background-color: #fff;
margin-top: -90px; margin-top: -90px;

View File

@ -6,6 +6,7 @@
<li><a href="/community/" {{ if (eq .RelPermalink "/community/") }}class="active"{{ end }}>Community</a></li> <li><a href="/community/" {{ if (eq .RelPermalink "/community/") }}class="active"{{ end }}>Community</a></li>
<li><a href="/blog/" {{ if or (eq .Page.Section "posts") (eq .Page.Section "tags") }}class="active"{{ end }}>Blog</a></li> <li><a href="/blog/" {{ if or (eq .Page.Section "posts") (eq .Page.Section "tags") }}class="active"{{ end }}>Blog</a></li>
<li><a href="/docs/" {{ if (eq .Page.Section "docs") }}class="active"{{ end }}>Docs</a></li> <li><a href="/docs/" {{ if (eq .Page.Section "docs") }}class="active"{{ end }}>Docs</a></li>
<li><a href="/resources/" {{ if (eq .RelPermalink "resources") }}class="active"{{ end }}>Resources</a></li>
</ul> </ul>
<button type="button" class="mobile" id="mobile-menu-button"> <button type="button" class="mobile" id="mobile-menu-button">
<img class="collapsed-icon" src="/img/hamburger.svg" alt="Mobile nav icon"> <img class="collapsed-icon" src="/img/hamburger.svg" alt="Mobile nav icon">
@ -17,6 +18,7 @@
<li><a href="/community/" {{ if (eq .RelPermalink "/community/") }}class="active"{{ end }}>Community</a></li> <li><a href="/community/" {{ if (eq .RelPermalink "/community/") }}class="active"{{ end }}>Community</a></li>
<li><a href="/blog/" {{ if or (eq .Page.Section "posts") (eq .Page.Section "tags") }}class="active"{{ end }}>Blog</a></li> <li><a href="/blog/" {{ if or (eq .Page.Section "posts") (eq .Page.Section "tags") }}class="active"{{ end }}>Blog</a></li>
<li><a href="/docs/" {{ if (eq .Page.Section "docs") }}class="active"{{ end }}>Docs</a></li> <li><a href="/docs/" {{ if (eq .Page.Section "docs") }}class="active"{{ end }}>Docs</a></li>
<li><a href="/resources/" {{ if (eq .RelPermalink "resources") }}class="active"{{ end }}>Resources</a></li>
</ul> </ul>
<div class="social"> <div class="social">
<a href="https://twitter.com/projectpinniped"><img src="/img/twitter.png" />Twitter</a> <a href="https://twitter.com/projectpinniped"><img src="/img/twitter.png" />Twitter</a>