djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

command line option.

Browse Source
This commit is contained in:
Smeet nagda 2023-05-30 23:24:05 +05:30 committed by GitHub
parent 749a208773
commit 6cbfde95ec
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
site/content/docs/reference/supported-clusters.md
View File

@ -37,3 +37,6 @@ token credential request API strategy by default.
To choose the strategy to use with the concierge, use the `--concierge-mode` flag with `pinniped get kubeconfig`.
Possible values are `ImpersonationProxy` and `TokenCredentialRequestAPI`.
Do not use the command line option `--anonymous-auth=false` in the `kube-apiserver` CLI for a cluster that does not use `impersonation proxy`. This is because the `kube-apiserver` blocks unauthenticated access to `TokenCredentialRequest` API of the Concierge.
This does not matter while using `impersonation proxy`, which will allow these TokenCredentialRequests requests anyway.