Update docs to reference the latest k8s codegen version
Signed-off-by: Margo Crawford <margaretc@vmware.com>
This commit is contained in:
parent
6347d7c0e2
commit
b8bdfa1b9a
@ -8,6 +8,7 @@ params:
|
|||||||
slack_url: "https://kubernetes.slack.com/messages/pinniped"
|
slack_url: "https://kubernetes.slack.com/messages/pinniped"
|
||||||
community_url: "https://go.pinniped.dev/community"
|
community_url: "https://go.pinniped.dev/community"
|
||||||
latest_version: v0.14.0
|
latest_version: v0.14.0
|
||||||
|
latest_codegen_version: 1.23
|
||||||
pygmentsCodefences: true
|
pygmentsCodefences: true
|
||||||
pygmentsStyle: "pygments"
|
pygmentsStyle: "pygments"
|
||||||
markup:
|
markup:
|
||||||
|
@ -48,7 +48,7 @@ Pinniped supports the following IDPs.
|
|||||||
1. Any Active Directory identity provider (via LDAP).
|
1. Any Active Directory identity provider (via LDAP).
|
||||||
|
|
||||||
The
|
The
|
||||||
[`idp.supervisor.pinniped.dev`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#k8s-api-idp-supervisor-pinniped-dev-v1alpha1)
|
[`idp.supervisor.pinniped.dev`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#k8s-api-idp-supervisor-pinniped-dev-v1alpha1)
|
||||||
API group contains the Kubernetes custom resources that configure the Pinniped
|
API group contains the Kubernetes custom resources that configure the Pinniped
|
||||||
Supervisor's upstream IDPs.
|
Supervisor's upstream IDPs.
|
||||||
|
|
||||||
@ -83,7 +83,7 @@ Pinniped supports the following authenticator types.
|
|||||||
set on the `kube-apiserver` process.
|
set on the `kube-apiserver` process.
|
||||||
|
|
||||||
The
|
The
|
||||||
[`authentication.concierge.pinniped.dev`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#k8s-api-authentication-concierge-pinniped-dev-v1alpha1)
|
[`authentication.concierge.pinniped.dev`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#k8s-api-authentication-concierge-pinniped-dev-v1alpha1)
|
||||||
API group contains the Kubernetes custom resources that configure the Pinniped
|
API group contains the Kubernetes custom resources that configure the Pinniped
|
||||||
Concierge's authenticators.
|
Concierge's authenticators.
|
||||||
|
|
||||||
|
@ -22,7 +22,7 @@ and that you have [configured a FederationDomain to issue tokens for your downst
|
|||||||
|
|
||||||
## Configure the Supervisor cluster
|
## Configure the Supervisor cluster
|
||||||
|
|
||||||
Create an [ActiveDirectoryIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#activedirectoryidentityprovider) in the same namespace as the Supervisor.
|
Create an [ActiveDirectoryIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#activedirectoryidentityprovider) in the same namespace as the Supervisor.
|
||||||
|
|
||||||
### ActiveDirectoryIdentityProvider with default options
|
### ActiveDirectoryIdentityProvider with default options
|
||||||
|
|
||||||
|
@ -71,7 +71,7 @@ staticClients:
|
|||||||
|
|
||||||
## Configure the Supervisor
|
## Configure the Supervisor
|
||||||
|
|
||||||
Create an [OIDCIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#oidcidentityprovider) resource in the same namespace as the Supervisor.
|
Create an [OIDCIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#oidcidentityprovider) resource in the same namespace as the Supervisor.
|
||||||
|
|
||||||
For example, the following OIDCIdentityProvider and the corresponding Secret use Dex's `email` claim as the Kubernetes username:
|
For example, the following OIDCIdentityProvider and the corresponding Secret use Dex's `email` claim as the Kubernetes username:
|
||||||
|
|
||||||
|
@ -41,7 +41,7 @@ For example, to create a user-owned application:
|
|||||||
|
|
||||||
## Configure the Supervisor cluster
|
## Configure the Supervisor cluster
|
||||||
|
|
||||||
Create an [OIDCIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#oidcidentityprovider) in the same namespace as the Supervisor.
|
Create an [OIDCIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#oidcidentityprovider) in the same namespace as the Supervisor.
|
||||||
|
|
||||||
For example, this OIDCIdentityProvider and corresponding Secret for [gitlab.com](https://gitlab.com) use the `nickname` claim (GitLab username) as the Kubernetes username:
|
For example, this OIDCIdentityProvider and corresponding Secret for [gitlab.com](https://gitlab.com) use the `nickname` claim (GitLab username) as the Kubernetes username:
|
||||||
|
|
||||||
|
@ -45,7 +45,7 @@ Here are some good resources to review while setting up and using JumpCloud's LD
|
|||||||
|
|
||||||
## Configure the Supervisor cluster
|
## Configure the Supervisor cluster
|
||||||
|
|
||||||
Create an [LDAPIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#ldapidentityprovider) in the same namespace as the Supervisor.
|
Create an [LDAPIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#ldapidentityprovider) in the same namespace as the Supervisor.
|
||||||
|
|
||||||
For example, this LDAPIdentityProvider configures the LDAP entry's `uid` as the Kubernetes username,
|
For example, this LDAPIdentityProvider configures the LDAP entry's `uid` as the Kubernetes username,
|
||||||
and the `cn` (common name) of each group to which the user belongs as the Kubernetes group names.
|
and the `cn` (common name) of each group to which the user belongs as the Kubernetes group names.
|
||||||
|
@ -49,7 +49,7 @@ For example, to create an app:
|
|||||||
|
|
||||||
## Configure the Supervisor
|
## Configure the Supervisor
|
||||||
|
|
||||||
Create an [OIDCIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#oidcidentityprovider) in the same namespace as the Supervisor.
|
Create an [OIDCIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#oidcidentityprovider) in the same namespace as the Supervisor.
|
||||||
|
|
||||||
For example, this OIDCIdentityProvider and corresponding Secret use Okta's `email` claim as the Kubernetes username:
|
For example, this OIDCIdentityProvider and corresponding Secret use Okta's `email` claim as the Kubernetes username:
|
||||||
|
|
||||||
|
@ -185,7 +185,7 @@ kubectl apply -f openldap.yaml
|
|||||||
|
|
||||||
## Configure the Supervisor cluster
|
## Configure the Supervisor cluster
|
||||||
|
|
||||||
Create an [LDAPIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#ldapidentityprovider) in the same namespace as the Supervisor.
|
Create an [LDAPIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#ldapidentityprovider) in the same namespace as the Supervisor.
|
||||||
|
|
||||||
For example, this LDAPIdentityProvider configures the LDAP entry's `uid` as the Kubernetes username,
|
For example, this LDAPIdentityProvider configures the LDAP entry's `uid` as the Kubernetes username,
|
||||||
and the `cn` (common name) of each group to which the user belongs as the Kubernetes group names.
|
and the `cn` (common name) of each group to which the user belongs as the Kubernetes group names.
|
||||||
|
@ -11,7 +11,7 @@ menu:
|
|||||||
---
|
---
|
||||||
|
|
||||||
This describes the default values for the `ActiveDirectoryIdentityProvider` user and group search. For more about `ActiveDirectoryIdentityProvider`
|
This describes the default values for the `ActiveDirectoryIdentityProvider` user and group search. For more about `ActiveDirectoryIdentityProvider`
|
||||||
configuration, see [the API reference documentation](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#activedirectoryidentityprovider).
|
configuration, see [the API reference documentation](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#activedirectoryidentityprovider).
|
||||||
|
|
||||||
### `spec.userSearch.base`
|
### `spec.userSearch.base`
|
||||||
|
|
||||||
|
@ -9,4 +9,4 @@ menu:
|
|||||||
weight: 35
|
weight: 35
|
||||||
parent: reference
|
parent: reference
|
||||||
---
|
---
|
||||||
Full API reference documentation for the Pinniped Kubernetes API is available [on GitHub](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.23/README.adoc).
|
Full API reference documentation for the Pinniped Kubernetes API is available [on GitHub](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc).
|
||||||
|
@ -30,7 +30,7 @@ Most managed Kubernetes services do not support this.
|
|||||||
2. Impersonation Proxy: Can be run on any Kubernetes cluster. Default configuration requires that a `LoadBalancer` service can be created. Most cloud-hosted Kubernetes environments have this
|
2. Impersonation Proxy: Can be run on any Kubernetes cluster. Default configuration requires that a `LoadBalancer` service can be created. Most cloud-hosted Kubernetes environments have this
|
||||||
capability. The Impersonation Proxy automatically provisions (when `spec.impersonationProxy.mode` is set to `auto`) a `LoadBalancer` for ingress to the impersonation endpoint. Users who wish to use the impersonation proxy without an automatically
|
capability. The Impersonation Proxy automatically provisions (when `spec.impersonationProxy.mode` is set to `auto`) a `LoadBalancer` for ingress to the impersonation endpoint. Users who wish to use the impersonation proxy without an automatically
|
||||||
configured `LoadBalancer` can do so with an automatically provisioned `ClusterIP` or with a Service that they provision themselves. These options
|
configured `LoadBalancer` can do so with an automatically provisioned `ClusterIP` or with a Service that they provision themselves. These options
|
||||||
can be configured in the spec of the [`CredentialIssuer`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#credentialissuer).
|
can be configured in the spec of the [`CredentialIssuer`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#credentialissuer).
|
||||||
|
|
||||||
If a cluster is capable of supporting both strategies, the Pinniped CLI will use the
|
If a cluster is capable of supporting both strategies, the Pinniped CLI will use the
|
||||||
token credential request API strategy by default.
|
token credential request API strategy by default.
|
||||||
|
@ -361,7 +361,7 @@ kubectl get secret supervisor-tls-cert \
|
|||||||
|
|
||||||
### Configure a FederationDomain in the Pinniped Supervisor
|
### Configure a FederationDomain in the Pinniped Supervisor
|
||||||
|
|
||||||
The Supervisor should be configured to have a [FederationDomain](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#federationdomain), which, under the hood:
|
The Supervisor should be configured to have a [FederationDomain](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#federationdomain), which, under the hood:
|
||||||
- Acts as an OIDC provider to the Pinniped CLI, creating a consistent interface for the CLI to use regardless
|
- Acts as an OIDC provider to the Pinniped CLI, creating a consistent interface for the CLI to use regardless
|
||||||
of which protocol the Supervisor is using to talk to the external identity provider
|
of which protocol the Supervisor is using to talk to the external identity provider
|
||||||
- Also acts as an OIDC provider to the workload cluster's Concierge component, which will receive JWT tokens
|
- Also acts as an OIDC provider to the workload cluster's Concierge component, which will receive JWT tokens
|
||||||
@ -417,7 +417,7 @@ The general steps required to create and configure a client in Okta are:
|
|||||||
|
|
||||||
### Configure the Supervisor to use Okta as the external identity provider
|
### Configure the Supervisor to use Okta as the external identity provider
|
||||||
|
|
||||||
Create an [OIDCIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#oidcidentityprovider) and a Secret.
|
Create an [OIDCIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#oidcidentityprovider) and a Secret.
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
# Replace the issuer's domain, the client ID, and client secret below.
|
# Replace the issuer's domain, the client ID, and client secret below.
|
||||||
@ -488,7 +488,7 @@ kubectl apply -f \
|
|||||||
|
|
||||||
Configure the Concierge on the first workload cluster to trust the Supervisor's
|
Configure the Concierge on the first workload cluster to trust the Supervisor's
|
||||||
FederationDomain for authentication by creating a
|
FederationDomain for authentication by creating a
|
||||||
[JWTAuthenticator](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#jwtauthenticator).
|
[JWTAuthenticator](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#jwtauthenticator).
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
# The audience value below is an arbitrary value which must uniquely
|
# The audience value below is an arbitrary value which must uniquely
|
||||||
|
@ -0,0 +1 @@
|
|||||||
|
{{ .Site.Params.latest_codegen_version }}
|
Loading…
Reference in New Issue
Block a user