Merge pull request #238 from jknostman3/patch-1

Update site demo to use pinniped-concierge namespace
This commit is contained in:
Matt Moyer 2020-11-20 17:15:26 -06:00 committed by GitHub
commit dfb6544171
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -122,7 +122,7 @@ as the identity provider.
1. Create a `WebhookAuthenticator` object to configure Pinniped to authenticate using local-user-authenticator.
```bash
cat <<EOF | kubectl create --namespace pinniped -f -
cat <<EOF | kubectl create --namespace pinniped-concierge -f -
apiVersion: authentication.concierge.pinniped.dev/v1alpha1
kind: WebhookAuthenticator
metadata:
@ -144,7 +144,7 @@ as the identity provider.
allow you to authenticate as the user that you created above.
```bash
pinniped get-kubeconfig --token "pinny-the-seal:password123" --authenticator-type webhook --authenticator-name local-user-authenticator > /tmp/pinniped-kubeconfig
pinniped get-kubeconfig --pinniped-namespace pinniped-concierge --token "pinny-the-seal:password123" --authenticator-type webhook --authenticator-name local-user-authenticator > /tmp/pinniped-kubeconfig
```
If you are using MacOS, you may get an error dialog that says
@ -163,7 +163,7 @@ as the identity provider.
the `pinny-the-seal` user.
```bash
kubectl --kubeconfig /tmp/pinniped-kubeconfig get pods -n pinniped
kubectl --kubeconfig /tmp/pinniped-kubeconfig get pods -n pinniped-concierge
```
Because this user has no RBAC permissions on this cluster, the previous command
@ -180,7 +180,7 @@ as the identity provider.
1. Use the generated kubeconfig to issue arbitrary `kubectl` commands as the `pinny-the-seal` user.
```bash
kubectl --kubeconfig /tmp/pinniped-kubeconfig get pods -n pinniped
kubectl --kubeconfig /tmp/pinniped-kubeconfig get pods -n pinniped-concierge
```
The user has permission to list pods, so the command succeeds this time.