Tweak image descriptions

This commit is contained in:
Margo Crawford 2020-12-18 14:54:30 -08:00
parent 7c9f40b6d9
commit afc39cd2f7

View File

@ -125,9 +125,12 @@ cluster.
The Supervisor enables users to log in to their external identity provider The Supervisor enables users to log in to their external identity provider
once per day and access each cluster in a domain with a distinct scoped-down token. once per day and access each cluster in a domain with a distinct scoped-down token.
The diagram below shows the components involved in the login flow when both the Concierge
and Supervisor are configured.
![concierge-with-supervisor-architecture-diagram](/docs/img/pinniped_architecture_concierge_supervisor.svg) ![concierge-with-supervisor-architecture-diagram](/docs/img/pinniped_architecture_concierge_supervisor.svg)
This diagram demonstrates using `kubectl get pods` with the Pinniped CLI The diagram below demonstrates using `kubectl get pods` with the Pinniped CLI
functioning as a [Kubernetes client-go credential plugin](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins) functioning as a [Kubernetes client-go credential plugin](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins)
that obtains a federation ID token from the Pinniped Supervisor to be sent to a that obtains a federation ID token from the Pinniped Supervisor to be sent to a
JWT authenticator via the Pinniped Concierge. JWT authenticator via the Pinniped Concierge.
@ -140,9 +143,12 @@ Users can authenticate directly with their OIDC compliant external identity prov
can be exchanged at the Concierge for a credential that is understood by the host Kubernetes can be exchanged at the Concierge for a credential that is understood by the host Kubernetes
cluster. cluster.
The diagram below shows the components involved in the login flow when the Concierge is
configured.
![concierge-with-webhook-architecture-diagram](/docs/img/pinniped_architecture_concierge_webhook.svg) ![concierge-with-webhook-architecture-diagram](/docs/img/pinniped_architecture_concierge_webhook.svg)
This diagram demonstrates using `kubectl get pods` with a [Kubernetes client-go credential plugin](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins) The diagram below demonstrates using `kubectl get pods` with a [Kubernetes client-go credential plugin](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins)
that obtains an external credential to be sent to a webhook authenticator via the Pinniped Concierge. that obtains an external credential to be sent to a webhook authenticator via the Pinniped Concierge.
![concierge-with-webhook-sequence-diagram](/docs/img/pinniped-concierge-sequence.svg) ![concierge-with-webhook-sequence-diagram](/docs/img/pinniped-concierge-sequence.svg)