Add more subtitles to README.md

Ryan Richard 2020-08-27 15:11:38 -07:00
parent f6ea93e273
commit 20a3208564

@ -28,20 +28,26 @@ credential for a short-lived, cluster-specific credential. Pinniped supports var
IDP types and implements different integration strategies for various Kubernetes IDP types and implements different integration strategies for various Kubernetes
distributions to make authentication possible. distributions to make authentication possible.
#### Supported Identity Provider Types
The currently supported external IDP types are outlined here. More will be added in the future. The currently supported external IDP types are outlined here. More will be added in the future.
1. Any webhook which implements the 1. Any webhook which implements the
[Kubernetes TokenReview API](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication) [Kubernetes TokenReview API](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication)
#### Supported Cluster Integration Strategies
The currently supported cluster integration strategies are outlined here. More The currently supported cluster integration strategies are outlined here. More
will be added in the future. will be added in the future.
1. Pinniped hosts a credential exchange API via a Kubernetes aggregated API server. 1. Pinniped hosts a credential exchange API endpoint via a Kubernetes aggregated API server.
This API returns a new cluster-specific credential using the cluster's signing keypair to This API returns a new cluster-specific credential using the cluster's signing keypair to
issue short-lived cluster certificates. (In the future, when the Kubernetes CSR API issue short-lived cluster certificates. (In the future, when the Kubernetes CSR API
provides a way to create a short-lived certificate, then the Pinniped credential exchange API provides a way to issue short-lived certificates, then the Pinniped credential exchange API
will use that instead of using the cluster's signing keypair.) will use that instead of using the cluster's signing keypair.)
#### `kubectl` Integration
With any of the above IDPs and integration strategies, `kubectl` commands receive the With any of the above IDPs and integration strategies, `kubectl` commands receive the
cluster-specific credential via a cluster-specific credential via a
[Kubernetes client-go credential plugin](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins). [Kubernetes client-go credential plugin](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins).
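Review bot: The reworded first item under "Supported Cluster Integration Strategies" now says "credential exchange API endpoint", but the following line still reads "This API returns" and the parenthetical still says "the Pinniped credential exchange API", so the item uses two terms for the same thing. Pick one term and use it throughout the item. Separately, the commit message mentions only subtitles, while this hunk also rewords two sentences ("API" to "API endpoint", "create a short-lived certificate" to "issue short-lived certificates"); either note the wording changes in the message or split them into their own commit so the history of how the credential exchange is described stays easy to follow.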