diff --git a/README.md b/README.md index 0b7e0a7f..7f1c133d 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -Pinniped Logo +Pinniped Logo ## Overview @@ -30,7 +30,7 @@ distributions to make authentication possible. To learn more, see [architecture](https://pinniped.dev/docs/architecture/). -Pinniped Architecture Sketch +Pinniped Architecture Sketch ## Trying Pinniped diff --git a/doc/img/README.md b/doc/img/README.md deleted file mode 100644 index 6069e9e3..00000000 --- a/doc/img/README.md +++ /dev/null @@ -1,12 +0,0 @@ -# `doc/img` README - -## How to Update these Images - -- [pinniped.svg](pinniped.svg) was generated using [`plantuml`](https://plantuml.com/). - To regenerate the image, run `plantuml -tsvg pinniped.txt` from this directory. - -- [pinniped_architecture.svg](pinniped_architecture.svg) was created on [draw.io](https://draw.io). - It can be opened again for editing on that site by choosing "File" -> "Open from" -> "Device". - Because it includes embedded icons it should be exported using "File" -> "Export as" -> "SVG", - with the "Transparent Background", "Embed Images", and "Include a copy of my diagram" options - checked. The icons in this diagram are from their "CAE" shapes set. diff --git a/doc/img/pinniped.svg b/doc/img/pinniped.svg deleted file mode 100644 index ea490377..00000000 --- a/doc/img/pinniped.svg +++ /dev/null @@ -1,381 +0,0 @@ -UserUserKubectlKubectlProprietary CLIProprietary CLIPinnipedPinnipedTokenReview WebhookTokenReview WebhookKubernetes APIKubernetes APIkubectl get podsAcquire cluster-specific credentialGet cluster-specific credentialRetrieve upstream IDP credential inorganization-specific wayPOST /apis/pinniped.dev/...POST /authenticate200 OKwith user and group informationIssue short-lived cluster-specific credentialwith user and group information200 OKHere is a cluster-specific credentialAuthenticate to cluster with cluster-specific credentialGET /api/v1/podsGlean user and group information fromcluster-specific credential200 OKwith pods1.Message contains upstream IDP credentials2.Message contains cluster-specific credentials diff --git a/doc/img/pinniped.txt b/doc/img/pinniped.txt deleted file mode 100644 index d986814a..00000000 --- a/doc/img/pinniped.txt +++ /dev/null @@ -1,61 +0,0 @@ -@startuml "pinniped" - -!define K8S_BLUE #326CE5 -!define K8S_SPRITES_URL https://raw.githubusercontent.com/michiel/plantuml-kubernetes-sprites/master/resource -!include K8S_SPRITES_URL/k8s-sprites-unlabeled-25pct.iuml - -participant "User" as USER << ($pod{scale=0.30},K8S_BLUE) >> #LightGreen -participant "Kubectl" as KUBECTL << ($ing{scale=0.30},K8S_BLUE) >> #LightSteelBlue -participant "Proprietary CLI" as CLI << ($svc{scale=0.30},K8S_BLUE) >> #LightPink -participant "Pinniped" as PINNIPED << ($node{scale=0.30},K8S_BLUE) >> #LightGray -participant "TokenReview Webhook" as WEBHOOK << ($pod{scale=0.30},K8S_BLUE) >> #LightPink -participant "Kubernetes API" as API << ($node{scale=0.30},K8S_BLUE) >> #LightSteelBlue - -legend - # Message contains upstream IDP credentials - # Message contains cluster-specific credentials -end legend - -USER -> KUBECTL : ""kubectl get pods"" -activate KUBECTL - -group Acquire cluster-specific credential - -KUBECTL -> CLI : Get cluster-specific credential -activate CLI - -CLI -> CLI : Retrieve upstream IDP credential in\norganization-specific way - -CLI -> PINNIPED : ""POST /apis/pinniped.dev/..."" -activate PINNIPED - -PINNIPED -> WEBHOOK : ""POST /authenticate"" -activate WEBHOOK - -WEBHOOK -> PINNIPED : ""200 OK"" with user and group information -deactivate WEBHOOK - -PINNIPED -> PINNIPED : Issue short-lived cluster-specific credential\nwith user and group information - -PINNIPED -> CLI : ""200 OK"" -deactivate PINNIPED - -CLI -> KUBECTL : Here is a cluster-specific credential - -end - -group Authenticate to cluster with cluster-specific credential - -KUBECTL -> API : ""GET /api/v1/pods"" -activate API - -API -> API : Glean user and group information from\ncluster-specific credential - -API -> KUBECTL : ""200 OK"" with pods -deactivate API - -deactivate KUBECTL - -end - -@enduml diff --git a/doc/img/pinniped_architecture.svg b/doc/img/pinniped_architecture.svg deleted file mode 100644 index ded0bdf4..00000000 --- a/doc/img/pinniped_architecture.svg +++ /dev/null @@ -1,3 +0,0 @@ - - -
Identity Provider
Identity Provider
Kubernetes Cluster
Kubernetes Cluster
Client Machine
Client Machine
Pinniped Service
Pinniped Service
Pod
Pod
Pod
Pod
Pinniped's Aggregated API
Pinniped's Ag...
Pinniped's exec plugin
Pinniped's ex...
"kubectl get pods"
"kubectl get pods"
1.) Credential Exchange Request
1.) Credential...
3.) "get pods" Request Including Auth
3.) "get pods"...
Kubernetes API Server
Kubernetes API Server
2.) Confirm User Identity
2.) Confirm Us...
Viewer does not support full SVG 1.1
diff --git a/doc/img/pinniped_logo.svg b/doc/img/pinniped_logo.svg deleted file mode 100644 index 77c54377..00000000 --- a/doc/img/pinniped_logo.svg +++ /dev/null @@ -1,68 +0,0 @@ - - - - - - - open source identity - open source identity|636062 - open source identity|Pinniped - - - - - open source identity - 636062 - Pinniped - - - 2020-09-17T16:06:40-07:00 - xmp.iid:932334bf-97ee-471a-96c9-c4e5ff526fe4 - xmp.did:38396587-b56b-42c3-8f3e-f8e9c91f532b - xmp.did:38396587-b56b-42c3-8f3e-f8e9c91f532b - - - - - saved - xmp.iid:38396587-b56b-42c3-8f3e-f8e9c91f532b - 2020-09-17T16:06:35-07:00 - Adobe Bridge 2020 (Macintosh) - /metadata - - - - - saved - xmp.iid:932334bf-97ee-471a-96c9-c4e5ff526fe4 - 2020-09-17T16:06:40-07:00 - Adobe Bridge 2020 (Macintosh) - /metadata - - - - - - - - - - - - - - - - - - - - - - - diff --git a/site/content/docs/img/README.md b/site/content/docs/img/README.md index d6951811..e4db879a 100644 --- a/site/content/docs/img/README.md +++ b/site/content/docs/img/README.md @@ -1,4 +1,4 @@ -# doc/img README +# site/content/docs/img README ## How to Update these Images