clarifications to code walkthrough doc

This commit is contained in:
Ryan Richard 2021-12-03 10:50:02 -08:00
parent 7b6bdd8129
commit aa361a70a7


@ -47,7 +47,8 @@ There are three binaries in the Pinniped source:
The Kube cert agent is a very simple binary that is sometimes deployed by the Pinniped Concierge server component The Kube cert agent is a very simple binary that is sometimes deployed by the Pinniped Concierge server component
at runtime as a separate Deployment. It exists as a separate binary in the same container image as the other at runtime as a separate Deployment. It exists as a separate binary in the same container image as the other
Pinniped server components. When needed, the Concierge will exec into the Deployment's pods to invoke the cert agent Pinniped server components. When needed, the Concierge will exec into the Deployment's pods to invoke the cert agent
binary to query for data. This is to support the Token Credential Request API strategy described in the binary to query for the cluster's keypair, which is used to sign client certificates used to access the Kubernetes API server.
This is to support the Token Credential Request API strategy described in the
[Supported Cluster Types document]({{< ref "../reference/supported-clusters" >}}). [Supported Cluster Types document]({{< ref "../reference/supported-clusters" >}}).
The Kube cert agent code is in [cmd/pinniped-concierge-kube-cert-agent/main.go](https://github.com/vmware-tanzu/pinniped/blob/main/cmd/pinniped-concierge-kube-cert-agent/main.go). The Kube cert agent code is in [cmd/pinniped-concierge-kube-cert-agent/main.go](https://github.com/vmware-tanzu/pinniped/blob/main/cmd/pinniped-concierge-kube-cert-agent/main.go).
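Review bot: the new wording on the `binary to query for the cluster's keypair` line repeats "used to" ("which is used to sign client certificates used to access the Kubernetes API server"); suggest "the cluster's signing keypair, which the Concierge uses to sign client certificates that authenticate to the Kubernetes API server". Because that keypair can mint client certificates the API server trusts, it is worth saying in the same sentence that the agent is handling sensitive key material, which also explains why the Deployment is only created "when needed" as the earlier lines put it. The new line is also well past the roughly 120-column wrap the surrounding lines use; rewrap it to match.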
@ -206,6 +207,8 @@ The per-FederationDomain endpoints are:
- `<issuer_path>/v1alpha1/pinniped_identity_providers` is a custom discovery endpoint for clients to learn about available upstream identity providers. - `<issuer_path>/v1alpha1/pinniped_identity_providers` is a custom discovery endpoint for clients to learn about available upstream identity providers.
See [internal/oidc/idpdiscovery/idp_discovery_handler.go](https://github.com/vmware-tanzu/pinniped/blob/main/internal/oidc/idpdiscovery/idp_discovery_handler.go). See [internal/oidc/idpdiscovery/idp_discovery_handler.go](https://github.com/vmware-tanzu/pinniped/blob/main/internal/oidc/idpdiscovery/idp_discovery_handler.go).
The OIDC specifications implemented by the Supervisor can be found at [openid.net](https://openid.net/connect).
## Kubernetes API group names ## Kubernetes API group names
The Kubernetes API groups used by the Pinniped CRDs and the Concierge's aggregated API endpoints are configurable The Kubernetes API groups used by the Pinniped CRDs and the Concierge's aggregated API endpoints are configurable
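Review bot: the added `The OIDC specifications implemented by the Supervisor` line sits directly after the `- <issuer_path>/v1alpha1/pinniped_identity_providers` bullet; without a blank line between them Markdown treats it as a lazy continuation of that list item rather than a standalone paragraph, so confirm that the second added line in this hunk (the header goes from 6 to 8 lines but only one addition is visible) is that separator and that another blank line precedes the `## Kubernetes API group names` heading. The link also points at the openid.net landing page rather than any particular document; naming the specifications the Supervisor actually implements (for example OpenID Connect Core 1.0 and Discovery 1.0) and linking each directly would tell a reader which behaviour the per-FederationDomain endpoints are meant to conform to.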