djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #1538 from smeet07/patch-1 

documents when to avoid setting anon auth command line option
This commit is contained in:
Ryan Richard 2023-06-01 11:01:08 -07:00 committed by GitHub
parent d4b20b3899 4f3c081401
commit 533c41f143
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
site/content/docs/reference/supported-clusters.md
View File

@ -37,3 +37,6 @@ token credential request API strategy by default.
To choose the strategy to use with the concierge, use the `--concierge-mode` flag with `pinniped get kubeconfig`.
Possible values are `ImpersonationProxy` and `TokenCredentialRequestAPI`.
Do not use the command line option `--anonymous-auth=false` in the `kube-apiserver` CLI for a cluster that does not use the impersonation proxy strategy. This is because the `kube-apiserver` blocks unauthenticated access to the TokenCredentialRequest API of the Concierge, which will prevent users from being able to authenticate.
This does not matter while using the impersonation proxy strategy, which will allow these TokenCredentialRequests requests anyway.