diff --git a/site/config.yaml b/site/config.yaml index ca08620c..1b9d5759 100644 --- a/site/config.yaml +++ b/site/config.yaml @@ -8,6 +8,7 @@ params: slack_url: "https://kubernetes.slack.com/messages/pinniped" community_url: "https://go.pinniped.dev/community" latest_version: v0.14.0 + latest_codegen_version: 1.23 pygmentsCodefences: true pygmentsStyle: "pygments" markup: diff --git a/site/content/docs/background/architecture.md b/site/content/docs/background/architecture.md index e1bf72af..0e62e886 100644 --- a/site/content/docs/background/architecture.md +++ b/site/content/docs/background/architecture.md @@ -48,7 +48,7 @@ Pinniped supports the following IDPs. 1. Any Active Directory identity provider (via LDAP). The -[`idp.supervisor.pinniped.dev`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#k8s-api-idp-supervisor-pinniped-dev-v1alpha1) +[`idp.supervisor.pinniped.dev`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#k8s-api-idp-supervisor-pinniped-dev-v1alpha1) API group contains the Kubernetes custom resources that configure the Pinniped Supervisor's upstream IDPs. @@ -83,7 +83,7 @@ Pinniped supports the following authenticator types. set on the `kube-apiserver` process. The -[`authentication.concierge.pinniped.dev`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#k8s-api-authentication-concierge-pinniped-dev-v1alpha1) +[`authentication.concierge.pinniped.dev`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#k8s-api-authentication-concierge-pinniped-dev-v1alpha1) API group contains the Kubernetes custom resources that configure the Pinniped Concierge's authenticators. diff --git a/site/content/docs/howto/configure-supervisor-with-activedirectory.md b/site/content/docs/howto/configure-supervisor-with-activedirectory.md index af852902..4b5aa387 100644 --- a/site/content/docs/howto/configure-supervisor-with-activedirectory.md +++ b/site/content/docs/howto/configure-supervisor-with-activedirectory.md @@ -22,7 +22,7 @@ and that you have [configured a FederationDomain to issue tokens for your downst ## Configure the Supervisor cluster -Create an [ActiveDirectoryIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#activedirectoryidentityprovider) in the same namespace as the Supervisor. +Create an [ActiveDirectoryIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#activedirectoryidentityprovider) in the same namespace as the Supervisor. ### ActiveDirectoryIdentityProvider with default options diff --git a/site/content/docs/howto/configure-supervisor-with-dex.md b/site/content/docs/howto/configure-supervisor-with-dex.md index df8876ff..8c707653 100644 --- a/site/content/docs/howto/configure-supervisor-with-dex.md +++ b/site/content/docs/howto/configure-supervisor-with-dex.md @@ -71,7 +71,7 @@ staticClients: ## Configure the Supervisor -Create an [OIDCIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#oidcidentityprovider) resource in the same namespace as the Supervisor. +Create an [OIDCIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#oidcidentityprovider) resource in the same namespace as the Supervisor. For example, the following OIDCIdentityProvider and the corresponding Secret use Dex's `email` claim as the Kubernetes username: diff --git a/site/content/docs/howto/configure-supervisor-with-gitlab.md b/site/content/docs/howto/configure-supervisor-with-gitlab.md index c7998470..d495d67b 100644 --- a/site/content/docs/howto/configure-supervisor-with-gitlab.md +++ b/site/content/docs/howto/configure-supervisor-with-gitlab.md @@ -41,7 +41,7 @@ For example, to create a user-owned application: ## Configure the Supervisor cluster -Create an [OIDCIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#oidcidentityprovider) in the same namespace as the Supervisor. +Create an [OIDCIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#oidcidentityprovider) in the same namespace as the Supervisor. For example, this OIDCIdentityProvider and corresponding Secret for [gitlab.com](https://gitlab.com) use the `nickname` claim (GitLab username) as the Kubernetes username: diff --git a/site/content/docs/howto/configure-supervisor-with-jumpcloudldap.md b/site/content/docs/howto/configure-supervisor-with-jumpcloudldap.md index 578ba5ba..732e9e77 100644 --- a/site/content/docs/howto/configure-supervisor-with-jumpcloudldap.md +++ b/site/content/docs/howto/configure-supervisor-with-jumpcloudldap.md @@ -45,7 +45,7 @@ Here are some good resources to review while setting up and using JumpCloud's LD ## Configure the Supervisor cluster -Create an [LDAPIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#ldapidentityprovider) in the same namespace as the Supervisor. +Create an [LDAPIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#ldapidentityprovider) in the same namespace as the Supervisor. For example, this LDAPIdentityProvider configures the LDAP entry's `uid` as the Kubernetes username, and the `cn` (common name) of each group to which the user belongs as the Kubernetes group names. diff --git a/site/content/docs/howto/configure-supervisor-with-okta.md b/site/content/docs/howto/configure-supervisor-with-okta.md index d90c7d82..6e37573f 100644 --- a/site/content/docs/howto/configure-supervisor-with-okta.md +++ b/site/content/docs/howto/configure-supervisor-with-okta.md @@ -49,7 +49,7 @@ For example, to create an app: ## Configure the Supervisor -Create an [OIDCIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#oidcidentityprovider) in the same namespace as the Supervisor. +Create an [OIDCIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#oidcidentityprovider) in the same namespace as the Supervisor. For example, this OIDCIdentityProvider and corresponding Secret use Okta's `email` claim as the Kubernetes username: diff --git a/site/content/docs/howto/configure-supervisor-with-openldap.md b/site/content/docs/howto/configure-supervisor-with-openldap.md index 8d95450e..35605024 100644 --- a/site/content/docs/howto/configure-supervisor-with-openldap.md +++ b/site/content/docs/howto/configure-supervisor-with-openldap.md @@ -185,7 +185,7 @@ kubectl apply -f openldap.yaml ## Configure the Supervisor cluster -Create an [LDAPIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#ldapidentityprovider) in the same namespace as the Supervisor. +Create an [LDAPIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#ldapidentityprovider) in the same namespace as the Supervisor. For example, this LDAPIdentityProvider configures the LDAP entry's `uid` as the Kubernetes username, and the `cn` (common name) of each group to which the user belongs as the Kubernetes group names. diff --git a/site/content/docs/reference/active-directory-configuration.md b/site/content/docs/reference/active-directory-configuration.md index f7843954..683fce93 100644 --- a/site/content/docs/reference/active-directory-configuration.md +++ b/site/content/docs/reference/active-directory-configuration.md @@ -11,7 +11,7 @@ menu: --- This describes the default values for the `ActiveDirectoryIdentityProvider` user and group search. For more about `ActiveDirectoryIdentityProvider` -configuration, see [the API reference documentation](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#activedirectoryidentityprovider). +configuration, see [the API reference documentation](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#activedirectoryidentityprovider). ### `spec.userSearch.base` diff --git a/site/content/docs/reference/api.md b/site/content/docs/reference/api.md index a5a271db..34b64298 100644 --- a/site/content/docs/reference/api.md +++ b/site/content/docs/reference/api.md @@ -9,4 +9,4 @@ menu: weight: 35 parent: reference --- -Full API reference documentation for the Pinniped Kubernetes API is available [on GitHub](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.23/README.adoc). +Full API reference documentation for the Pinniped Kubernetes API is available [on GitHub](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc). diff --git a/site/content/docs/reference/supported-clusters.md b/site/content/docs/reference/supported-clusters.md index bb1162af..e9838166 100644 --- a/site/content/docs/reference/supported-clusters.md +++ b/site/content/docs/reference/supported-clusters.md @@ -30,7 +30,7 @@ Most managed Kubernetes services do not support this. 2. Impersonation Proxy: Can be run on any Kubernetes cluster. Default configuration requires that a `LoadBalancer` service can be created. Most cloud-hosted Kubernetes environments have this capability. The Impersonation Proxy automatically provisions (when `spec.impersonationProxy.mode` is set to `auto`) a `LoadBalancer` for ingress to the impersonation endpoint. Users who wish to use the impersonation proxy without an automatically configured `LoadBalancer` can do so with an automatically provisioned `ClusterIP` or with a Service that they provision themselves. These options -can be configured in the spec of the [`CredentialIssuer`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#credentialissuer). +can be configured in the spec of the [`CredentialIssuer`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#credentialissuer). If a cluster is capable of supporting both strategies, the Pinniped CLI will use the token credential request API strategy by default. diff --git a/site/content/docs/tutorials/concierge-and-supervisor-demo.md b/site/content/docs/tutorials/concierge-and-supervisor-demo.md index 394d3166..33cab765 100644 --- a/site/content/docs/tutorials/concierge-and-supervisor-demo.md +++ b/site/content/docs/tutorials/concierge-and-supervisor-demo.md @@ -361,7 +361,7 @@ kubectl get secret supervisor-tls-cert \ ### Configure a FederationDomain in the Pinniped Supervisor -The Supervisor should be configured to have a [FederationDomain](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#federationdomain), which, under the hood: +The Supervisor should be configured to have a [FederationDomain](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#federationdomain), which, under the hood: - Acts as an OIDC provider to the Pinniped CLI, creating a consistent interface for the CLI to use regardless of which protocol the Supervisor is using to talk to the external identity provider - Also acts as an OIDC provider to the workload cluster's Concierge component, which will receive JWT tokens @@ -417,7 +417,7 @@ The general steps required to create and configure a client in Okta are: ### Configure the Supervisor to use Okta as the external identity provider -Create an [OIDCIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#oidcidentityprovider) and a Secret. +Create an [OIDCIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#oidcidentityprovider) and a Secret. ```sh # Replace the issuer's domain, the client ID, and client secret below. @@ -488,7 +488,7 @@ kubectl apply -f \ Configure the Concierge on the first workload cluster to trust the Supervisor's FederationDomain for authentication by creating a -[JWTAuthenticator](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#jwtauthenticator). +[JWTAuthenticator](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#jwtauthenticator). ```sh # The audience value below is an arbitrary value which must uniquely diff --git a/site/themes/pinniped/layouts/shortcodes/latestcodegenversion.html b/site/themes/pinniped/layouts/shortcodes/latestcodegenversion.html new file mode 100644 index 00000000..359964ff --- /dev/null +++ b/site/themes/pinniped/layouts/shortcodes/latestcodegenversion.html @@ -0,0 +1 @@ +{{ .Site.Params.latest_codegen_version }} \ No newline at end of file