Commit Graph

208 Commits

Author SHA1 Message Date
Ryan Richard
02a27e0186 Add docs for dynamic clients 2022-08-11 14:35:18 -07:00
Ryan Richard
8c7fbd2c0c pause community meeting for a little while 2022-07-25 12:07:18 -07:00
Monis Khan
1e56968491
Update current maintainers ✌️👋🫡
Signed-off-by: Monis Khan <mok@vmware.com>
2022-07-21 18:07:54 -04:00
Ryan Richard
484c8f4bf3
Merge pull request #1183 from anjaltelang/main
Blog for v0.18.0
2022-06-08 15:14:31 -07:00
Ryan Richard
221f174768
Update v0.18.0 blog post date 2022-06-08 15:14:02 -07:00
Pinny
3ebf5ad4c3 Updated versions in docs for v0.18.0 release 2022-06-08 22:13:13 +00:00
Anjali Telang
52bbbcf7e8 margo's suggestions 2022-06-06 17:03:52 -04:00
Ryan Richard
fd9d641b5c Add doc for PINNIPED_UPSTREAM_IDENTITY_PROVIDER_FLOW env var 2022-06-06 09:47:50 -07:00
Ryan Richard
39fd9ba270 Small refactors and comments for LDAP/AD UI 2022-05-19 16:02:08 -07:00
Ryan Richard
0f2a984308 Merge branch 'main' into ldap-login-ui 2022-05-11 11:32:15 -07:00
Ryan Richard
4101a55001 Update docs for new LDAP/AD browser-based login flow
Also fix some comments that didn't fit onto one line in the yaml
examples, be consistent about putting a blank line above `---` yaml
separators, and some other small doc improvements.
2022-05-11 11:19:08 -07:00
Pinny
afc73221d6 Updated versions in docs for v0.17.0 release 2022-05-06 19:28:56 +00:00
Ryan Richard
793b8b9260
Merge pull request #1121 from anjaltelang/main
v0.16.0 Blog
2022-04-20 11:54:20 -07:00
Pinny
4071b48f01 Updated versions in docs for v0.16.0 release 2022-04-20 18:52:59 +00:00
Ryan Richard
46e61bdea9
Update 2022-04-15-fips-and-more.md
Update release date
2022-04-20 10:56:21 -07:00
Anjali Telang
9e5d4ae51c Blog for v0.16.0
Signed-off-by: Anjali Telang <atelang@vmware.com>
2022-04-19 14:16:45 -04:00
Margo Crawford
96c705bf94 document how to use the fips dockerfile on our website
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-13 12:45:58 -07:00
Ryan Richard
51c527a965 Change to camel-case for insecureAcceptExternalUnencryptedHttpRequests
- Use camel-case in the static configmap
- Parse the value into a boolean in the go struct instead of a string
- Add test for when unsupported value is used in the configmap
- Run the config_test.go tests in parallel
- Update some paragraphs in configure-supervisor.md for clarity
2022-03-31 16:23:45 -07:00
Ryan Richard
3592f80457 Merge branch 'main' into disable_http 2022-03-28 17:03:59 -07:00
Ryan Richard
488f08dd6e Provide a way to override the new HTTP loopback-only validation
Add new deprecated_insecure_accept_external_unencrypted_http_requests
value in values.yaml. Allow it to be a boolean or a string to make it
easier to use (both --data-value and --data-value-yaml will work).

Also:
- Consider "ip6-localhost" and "ip6-loopback" to be loopback addresses
  for the validation
- Remove unused env.SupervisorHTTPAddress var
- Deprecate the `service_http_*` values in values.yaml by renaming them
  and causing a ytt render error when the old names are used
2022-03-28 17:03:23 -07:00
Monis Khan
57fb085bef
Add Workspace ONE Access docs
Signed-off-by: Monis Khan <mok@vmware.com>
2022-03-24 20:17:54 -04:00
Ryan Richard
8d12c1b674 HTTP listener: default disabled and may only bind to loopback interfaces 2022-03-24 15:46:10 -07:00
Nigel Brown
b5be8c6c9b Update _index.html
Add current community meeting info
2022-03-21 13:08:54 -05:00
Mo Khan
853cc753b8
Merge pull request #1024 from anjaltelang/main
Blog changes for Group refresh
2022-03-04 13:28:18 -05:00
Pinny
cdfb3b75cb Updated versions in docs for v0.15.0 release 2022-03-04 17:36:24 +00:00
Pinny
89e68489ea Updated versions in docs for v0.14.0 release 2022-03-03 21:57:36 +00:00
Mo Khan
eec5f0fa26
Fix v0.15.0 release link 2022-03-03 15:28:01 -05:00
Ryan Richard
7e8eba3244
Update 2022-01-18-idp-refresh-tls-ciphers-for-compliance.md 2022-03-03 12:23:42 -08:00
Margo Crawford
b8bdfa1b9a Update docs to reference the latest k8s codegen version
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-03-03 10:36:42 -08:00
Anjali Telang
27f04e9ab9 Blog changes for Group refresh
Signed-off-by: Anjali Telang <atelang@vmware.com>
2022-03-03 12:49:01 -05:00
Mo Khan
be2aee957c
Bump API docs to 1.23
Seems like this should be automated.
2022-03-02 09:04:41 -05:00
Mo Khan
c4ae5cfebb
Merge pull request #1003 from enj/enj/d/dex_password
Update dex docs regarding password grant
2022-02-15 15:45:54 -05:00
Ryan Richard
0175445ece Merge branch 'main' into gke_tutorial 2022-02-15 09:22:52 -08:00
Ryan Richard
f728ea743f Add --ignore-not-found to delete Supervisor app command 2022-02-15 09:04:47 -08:00
Ryan Richard
230e563ab7 Another draft of the new tutorial guide 2022-02-14 17:23:57 -08:00
Monis Khan
a21a5bca1e
Update dex docs regarding password grant
Signed-off-by: Monis Khan <mok@vmware.com>
2022-02-13 12:48:20 -05:00
Ryan Richard
05ec8cba8c Add a new subheading to the tutorial doc 2022-02-11 17:16:40 -08:00
Ryan Richard
e57a1a7891 Overwrite the old Supervisor+Concierge tutorial with the new one
And make it easier for web site readers to find by adding prominent
links to it from several places.
2022-02-11 17:03:13 -08:00
Mo Khan
2c0b5b733b
Bump site latest_version to v0.14.0 2022-02-10 16:13:39 -05:00
Ryan Richard
c56ef5c40c First draft of a Supervisor on GKE + Concierge on GKE tutorial
Including ingress, DNS, cert-manager + letsencrypt for TLS certs,
Okta, multiple workload clusters, etc.
2022-02-09 17:13:40 -08:00
Nanci Lancaster
d728c89ba6
updated search functionality of docs on site
Signed-off-by: Nanci Lancaster <nancil@vmware.com>
2022-02-09 11:01:37 -05:00
Margo Crawford
3b1153cd91 Update latest version to v0.13.0 2022-01-21 15:19:40 -08:00
anjalitelang
6590230bcd
Merge pull request #954 from anjaltelang/main
Blog for v0.13.0
2022-01-21 15:17:18 -08:00
Pinny
4f06cd3c2e Update CLI docs for v0.13.0 release 2022-01-21 23:12:12 +00:00
Margo Crawford
dea9bf9b90
Merge pull request #970 from vmware-tanzu/kubectl-apply-resources
When instructing users how to install the concierge with kubectl apply,
2022-01-21 13:36:52 -08:00
Margo Crawford
726e88ea03 When instructing users how to install the concierge with kubectl apply,
reccommend using install-pinniped-concierge-crds.yaml, then
install-pinniped-concierge-resources.yaml.

Previously we recommended install-pinniped-concierge-crds (a subset),
then install-pinniped-concierge (everything concierge related, including
the crds). This works fine for install, but not uninstall. Instead we
should use a separate yaml file that contains everything in
install-pinniped-concierge but *not* in install-pinniped-concierge-crds.

We have been generating this file in CI since a5ced4286b6febc7474b7adee34eeb1b62ec82b7
but we haven't released since then so we haven't been able to recommend
its use.
2022-01-21 10:26:45 -08:00
Margo Crawford
62a8967db1 Request offline_access in the concierge with supervisor demo
It's a generic config and not OIDC provider specific
but since most providers require it it seems like the
best default.
2022-01-21 09:58:04 -08:00
Monis Khan
1e1789f6d1
Allow configuration of supervisor endpoints
This change allows configuration of the http and https listeners
used by the supervisor.

TCP (IPv4 and IPv6 with any interface and port) and Unix domain
socket based listeners are supported.  Listeners may also be
disabled.

Binding the http listener to TCP addresses other than 127.0.0.1 or
::1 is deprecated.

The deployment now uses https health checks.  The supervisor is
always able to complete a TLS connection with the use of a bootstrap
certificate that is signed by an in-memory certificate authority.

To support sidecar containers used by service meshes, Unix domain
socket based listeners include ACLs that allow writes to the socket
file from any runAsUser specified in the pod's containers.

Signed-off-by: Monis Khan <mok@vmware.com>
2022-01-18 17:43:45 -05:00
Nanci Lancaster
e31a410096 Updated community and resources pages 2021-12-16 16:02:47 -06:00
Ryan Richard
aa361a70a7 clarifications to code walkthrough doc 2021-12-03 10:50:02 -08:00