djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

backtick changes

Browse Source 
Co-authored-by: Ryan Richard <richardry@vmware.com>
This commit is contained in:
Smeet nagda 2023-06-01 22:25:24 +05:30 committed by GitHub
parent 6cbfde95ec
commit c9d54de91a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
site/content/docs/reference/supported-clusters.md
View File

@ -38,5 +38,5 @@ token credential request API strategy by default.
To choose the strategy to use with the concierge, use the `--concierge-mode` flag with `pinniped get kubeconfig`.
Possible values are `ImpersonationProxy` and `TokenCredentialRequestAPI`.
Do not use the command line option `--anonymous-auth=false` in the `kube-apiserver` CLI for a cluster that does not use `impersonation proxy`. This is because the `kube-apiserver` blocks unauthenticated access to `TokenCredentialRequest` API of the Concierge.
This does not matter while using `impersonation proxy`, which will allow these TokenCredentialRequests requests anyway.
Do not use the command line option `--anonymous-auth=false` in the `kube-apiserver` CLI for a cluster that does not use the impersonation proxy strategy. This is because the `kube-apiserver` blocks unauthenticated access to the TokenCredentialRequest API of the Concierge, which will prevent users from being able to authenticate.
This does not matter while using the impersonation proxy strategy, which will allow these TokenCredentialRequests requests anyway.