Merge pull request #1047 from vmware-tanzu/docs-k8s-codegen-version

Update docs to reference the latest k8s codegen version
This commit is contained in:
Margo Crawford 2022-03-03 11:14:33 -08:00 committed by GitHub
commit b987783c62
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 16 additions and 14 deletions

View File

@ -8,6 +8,7 @@ params:
slack_url: "https://kubernetes.slack.com/messages/pinniped" slack_url: "https://kubernetes.slack.com/messages/pinniped"
community_url: "https://go.pinniped.dev/community" community_url: "https://go.pinniped.dev/community"
latest_version: v0.14.0 latest_version: v0.14.0
latest_codegen_version: 1.23
pygmentsCodefences: true pygmentsCodefences: true
pygmentsStyle: "pygments" pygmentsStyle: "pygments"
markup: markup:

View File

@ -48,7 +48,7 @@ Pinniped supports the following IDPs.
1. Any Active Directory identity provider (via LDAP). 1. Any Active Directory identity provider (via LDAP).
The The
[`idp.supervisor.pinniped.dev`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#k8s-api-idp-supervisor-pinniped-dev-v1alpha1) [`idp.supervisor.pinniped.dev`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#k8s-api-idp-supervisor-pinniped-dev-v1alpha1)
API group contains the Kubernetes custom resources that configure the Pinniped API group contains the Kubernetes custom resources that configure the Pinniped
Supervisor's upstream IDPs. Supervisor's upstream IDPs.
@ -83,7 +83,7 @@ Pinniped supports the following authenticator types.
set on the `kube-apiserver` process. set on the `kube-apiserver` process.
The The
[`authentication.concierge.pinniped.dev`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#k8s-api-authentication-concierge-pinniped-dev-v1alpha1) [`authentication.concierge.pinniped.dev`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#k8s-api-authentication-concierge-pinniped-dev-v1alpha1)
API group contains the Kubernetes custom resources that configure the Pinniped API group contains the Kubernetes custom resources that configure the Pinniped
Concierge's authenticators. Concierge's authenticators.

View File

@ -22,7 +22,7 @@ and that you have [configured a FederationDomain to issue tokens for your downst
## Configure the Supervisor cluster ## Configure the Supervisor cluster
Create an [ActiveDirectoryIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#activedirectoryidentityprovider) in the same namespace as the Supervisor. Create an [ActiveDirectoryIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#activedirectoryidentityprovider) in the same namespace as the Supervisor.
### ActiveDirectoryIdentityProvider with default options ### ActiveDirectoryIdentityProvider with default options

View File

@ -71,7 +71,7 @@ staticClients:
## Configure the Supervisor ## Configure the Supervisor
Create an [OIDCIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#oidcidentityprovider) resource in the same namespace as the Supervisor. Create an [OIDCIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#oidcidentityprovider) resource in the same namespace as the Supervisor.
For example, the following OIDCIdentityProvider and the corresponding Secret use Dex's `email` claim as the Kubernetes username: For example, the following OIDCIdentityProvider and the corresponding Secret use Dex's `email` claim as the Kubernetes username:

View File

@ -41,7 +41,7 @@ For example, to create a user-owned application:
## Configure the Supervisor cluster ## Configure the Supervisor cluster
Create an [OIDCIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#oidcidentityprovider) in the same namespace as the Supervisor. Create an [OIDCIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#oidcidentityprovider) in the same namespace as the Supervisor.
For example, this OIDCIdentityProvider and corresponding Secret for [gitlab.com](https://gitlab.com) use the `nickname` claim (GitLab username) as the Kubernetes username: For example, this OIDCIdentityProvider and corresponding Secret for [gitlab.com](https://gitlab.com) use the `nickname` claim (GitLab username) as the Kubernetes username:

View File

@ -45,7 +45,7 @@ Here are some good resources to review while setting up and using JumpCloud's LD
## Configure the Supervisor cluster ## Configure the Supervisor cluster
Create an [LDAPIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#ldapidentityprovider) in the same namespace as the Supervisor. Create an [LDAPIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#ldapidentityprovider) in the same namespace as the Supervisor.
For example, this LDAPIdentityProvider configures the LDAP entry's `uid` as the Kubernetes username, For example, this LDAPIdentityProvider configures the LDAP entry's `uid` as the Kubernetes username,
and the `cn` (common name) of each group to which the user belongs as the Kubernetes group names. and the `cn` (common name) of each group to which the user belongs as the Kubernetes group names.

View File

@ -49,7 +49,7 @@ For example, to create an app:
## Configure the Supervisor ## Configure the Supervisor
Create an [OIDCIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#oidcidentityprovider) in the same namespace as the Supervisor. Create an [OIDCIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#oidcidentityprovider) in the same namespace as the Supervisor.
For example, this OIDCIdentityProvider and corresponding Secret use Okta's `email` claim as the Kubernetes username: For example, this OIDCIdentityProvider and corresponding Secret use Okta's `email` claim as the Kubernetes username:

View File

@ -185,7 +185,7 @@ kubectl apply -f openldap.yaml
## Configure the Supervisor cluster ## Configure the Supervisor cluster
Create an [LDAPIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#ldapidentityprovider) in the same namespace as the Supervisor. Create an [LDAPIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#ldapidentityprovider) in the same namespace as the Supervisor.
For example, this LDAPIdentityProvider configures the LDAP entry's `uid` as the Kubernetes username, For example, this LDAPIdentityProvider configures the LDAP entry's `uid` as the Kubernetes username,
and the `cn` (common name) of each group to which the user belongs as the Kubernetes group names. and the `cn` (common name) of each group to which the user belongs as the Kubernetes group names.

View File

@ -11,7 +11,7 @@ menu:
--- ---
This describes the default values for the `ActiveDirectoryIdentityProvider` user and group search. For more about `ActiveDirectoryIdentityProvider` This describes the default values for the `ActiveDirectoryIdentityProvider` user and group search. For more about `ActiveDirectoryIdentityProvider`
configuration, see [the API reference documentation](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#activedirectoryidentityprovider). configuration, see [the API reference documentation](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#activedirectoryidentityprovider).
### `spec.userSearch.base` ### `spec.userSearch.base`

View File

@ -9,4 +9,4 @@ menu:
weight: 35 weight: 35
parent: reference parent: reference
--- ---
Full API reference documentation for the Pinniped Kubernetes API is available [on GitHub](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.23/README.adoc). Full API reference documentation for the Pinniped Kubernetes API is available [on GitHub](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc).

View File

@ -30,7 +30,7 @@ Most managed Kubernetes services do not support this.
2. Impersonation Proxy: Can be run on any Kubernetes cluster. Default configuration requires that a `LoadBalancer` service can be created. Most cloud-hosted Kubernetes environments have this 2. Impersonation Proxy: Can be run on any Kubernetes cluster. Default configuration requires that a `LoadBalancer` service can be created. Most cloud-hosted Kubernetes environments have this
capability. The Impersonation Proxy automatically provisions (when `spec.impersonationProxy.mode` is set to `auto`) a `LoadBalancer` for ingress to the impersonation endpoint. Users who wish to use the impersonation proxy without an automatically capability. The Impersonation Proxy automatically provisions (when `spec.impersonationProxy.mode` is set to `auto`) a `LoadBalancer` for ingress to the impersonation endpoint. Users who wish to use the impersonation proxy without an automatically
configured `LoadBalancer` can do so with an automatically provisioned `ClusterIP` or with a Service that they provision themselves. These options configured `LoadBalancer` can do so with an automatically provisioned `ClusterIP` or with a Service that they provision themselves. These options
can be configured in the spec of the [`CredentialIssuer`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#credentialissuer). can be configured in the spec of the [`CredentialIssuer`](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#credentialissuer).
If a cluster is capable of supporting both strategies, the Pinniped CLI will use the If a cluster is capable of supporting both strategies, the Pinniped CLI will use the
token credential request API strategy by default. token credential request API strategy by default.

View File

@ -361,7 +361,7 @@ kubectl get secret supervisor-tls-cert \
### Configure a FederationDomain in the Pinniped Supervisor ### Configure a FederationDomain in the Pinniped Supervisor
The Supervisor should be configured to have a [FederationDomain](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#federationdomain), which, under the hood: The Supervisor should be configured to have a [FederationDomain](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#federationdomain), which, under the hood:
- Acts as an OIDC provider to the Pinniped CLI, creating a consistent interface for the CLI to use regardless - Acts as an OIDC provider to the Pinniped CLI, creating a consistent interface for the CLI to use regardless
of which protocol the Supervisor is using to talk to the external identity provider of which protocol the Supervisor is using to talk to the external identity provider
- Also acts as an OIDC provider to the workload cluster's Concierge component, which will receive JWT tokens - Also acts as an OIDC provider to the workload cluster's Concierge component, which will receive JWT tokens
@ -417,7 +417,7 @@ The general steps required to create and configure a client in Okta are:
### Configure the Supervisor to use Okta as the external identity provider ### Configure the Supervisor to use Okta as the external identity provider
Create an [OIDCIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#oidcidentityprovider) and a Secret. Create an [OIDCIdentityProvider](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#oidcidentityprovider) and a Secret.
```sh ```sh
# Replace the issuer's domain, the client ID, and client secret below. # Replace the issuer's domain, the client ID, and client secret below.
@ -488,7 +488,7 @@ kubectl apply -f \
Configure the Concierge on the first workload cluster to trust the Supervisor's Configure the Concierge on the first workload cluster to trust the Supervisor's
FederationDomain for authentication by creating a FederationDomain for authentication by creating a
[JWTAuthenticator](https://github.com/vmware-tanzu/pinniped/blob/main/generated/1.20/README.adoc#jwtauthenticator). [JWTAuthenticator](https://github.com/vmware-tanzu/pinniped/blob/main/generated/{{< latestcodegenversion >}}/README.adoc#jwtauthenticator).
```sh ```sh
# The audience value below is an arbitrary value which must uniquely # The audience value below is an arbitrary value which must uniquely

View File

@ -0,0 +1 @@
{{ .Site.Params.latest_codegen_version }}