Benjamin A. Petersen
0c60e31d86
Update supervisor values.yaml to a schema doc. Make @nullable work
...
- see build.sh for documented script to run to generate:
ytt --file supervisor/config/values.yaml --data-values-schema-inspect --output openapi-v3 > supervisor/schema-openapi.yml
2023-09-06 14:08:01 -04:00
Benjamin A. Petersen
1d1b98f9a1
add some hacky scripts for generating things
2023-09-06 14:08:01 -04:00
Benjamin A. Petersen
9657719f9f
add concierge package, schema, metadata files
2023-09-06 14:08:01 -04:00
Benjamin A. Petersen
5c75734112
add supervisor package, schema, metadata files
2023-09-06 14:08:01 -04:00
Benjamin A. Petersen
aceef06873
WIP: add .imgpkg directories
2023-09-06 14:08:00 -04:00
Benjamin A. Petersen
550673b8dd
WIP: hack in a deploy_carvel/concierge directory, but strip out the deployment for simplicity
2023-09-06 14:08:00 -04:00
Benjamin A. Petersen
715a93d64a
WIP: hack in a deploy_carvel/supervisor directory, but strip out the deployment for simplicity
2023-09-06 14:07:53 -04:00
Joshua Casey
b14e86bb91
Merge pull request #1654 from vmware-tanzu/docs/configure-supervisor-with-azuread
...
Add docs for Supervisor with Azure AD
2023-09-06 12:33:51 -05:00
Joshua Casey
c3445a747d
Merge pull request #1650 from vmware-tanzu/ben/prepare-for-integration-tests.sh-improvements
...
Improve hack/prepare-for-integration-tests.sh flexibility
2023-09-06 12:30:12 -05:00
Benjamin A. Petersen
a5c481cf61
Add docs for Supervisor with Azure AD
...
- Note that Azure AD is being rebranded to Entra ID
2023-09-06 13:14:37 -04:00
Benjamin A. Petersen
fd1936c45f
Improve hack/prepare-for-integration-tests.sh flexibility
...
- move pushd/popd inside if statements for alternative-deploy methods
- add specific alternative-deploy vars for individual components
- supervisor
- concierge
- local-user-authenticator
while preserving the current alternative-deploy for all three
- doc that equals for flags does not work
--foo=bar is invalid
--foo bar is valid
2023-08-31 15:02:24 -04:00
Ben Petersen
fbeb45a1a0
Merge pull request #1648 from vmware-tanzu/jtc/do-not-fail-hack-script-without-KUBE_GIT_VERSION
...
Do not fail hack script without kube git version
2023-08-30 10:58:15 -04:00
Joshua Casey
23bd3e7cc9
Do not fail hack/prepare-for-integration-tests.sh without KUBE_GIT_VERSION
2023-08-29 19:58:23 -05:00
Joshua Casey
7cda8f4123
Do not fail when KUBE_GIT_VERSION is not set
2023-08-29 17:31:22 -05:00
Joshua Casey
a42e3edf56
Merge pull request #1646 from vmware-tanzu/jtc/support-k8s-1-21-and-up
...
Remove generated code prior to K8s 1.21
2023-08-29 16:29:32 -05:00
Joshua Casey
76933f69b9
Update comments to indicate support for newer versions of Kubernetes
2023-08-29 15:40:52 -05:00
Joshua Casey
5c9d26baeb
Remove generated code for K8s 1.17, 1.18, 1.19, and 1.20
...
- Kind 0.20.0 supports 1.21 through 1.28 (inclusive)
- https://github.com/kubernetes-sigs/kind/releases/tag/v0.20.0
2023-08-28 16:56:32 -05:00
Joshua Casey
9248db971a
Merge pull request #1634 from vmware-tanzu/jtc/1633/update-pinniped-cli-version-output
...
#1633 Update `pinniped version` output
2023-08-28 14:19:17 -05:00
Joshua Casey
2dcc149fee
Split off helper function
2023-08-28 12:14:14 -05:00
Joshua Casey
38230fc518
Use pversion to retrieve buildtime information
2023-08-28 11:54:27 -05:00
Joshua Casey
8edecffcc0
Merge pull request #1630 from vmware-tanzu/jtc/support-k8s-1-28
...
Support k8s 1.28
2023-08-28 11:49:18 -05:00
Joshua Casey
ca05969f8d
Integration tests should use 'kubectl explain --output plaintext-openapiv2'
...
- OpenAPIV3 discovery of aggregate APIs seems to need a little more work in K8s 1.28
2023-08-28 10:50:11 -05:00
Joshua Casey
1b504b6fbd
Expose OpenAPIv3 explanations
2023-08-28 10:50:11 -05:00
Joshua Casey
dfd3d5075d
Ensure that kubegenerator scripts are executable
2023-08-28 10:50:11 -05:00
Joshua Casey
c51722a121
Run K8s codegen, adding 1.28.0
2023-08-28 10:50:11 -05:00
Joshua Casey
23ec91dee0
K8s API Server audit events are no longer pointers
2023-08-28 10:50:10 -05:00
Joshua Casey
ccba159639
Update all golang dependencies, especially k8s.io (for 1.28)
2023-08-28 10:50:10 -05:00
Ryan Richard
20cfa0a207
Merge pull request #1631 from vmware-tanzu/which_service_doc
...
Update docs to clarify which Supervisor port to expose outside cluster
2023-08-22 10:43:53 -07:00
Ryan Richard
835b8a5333
Update docs to clarify which Supervisor port to expose outside cluster
2023-08-22 10:00:56 -07:00
Ben Petersen
decd40bc26
Merge pull request #1621 from vmware-tanzu/site/blog-post-tags
...
blog: clean up tags page
2023-08-15 15:07:31 -04:00
Benjamin A. Petersen
2891da25f5
blog: clean up tags page
2023-08-15 14:18:48 -04:00
Ben Petersen
c54933bf33
Merge pull request #1606 from vmware-tanzu/jtc/add-blog-post-for-v0.25.0
...
Add blog post for v0.25.0
2023-08-15 11:43:50 -04:00
Benjamin A. Petersen
820c565d21
blog: add multiple author support for posts
2023-08-15 11:37:11 -04:00
Benjamin A. Petersen
e5e8c13f23
blog: impersonation-proxy spelling, grammar
2023-08-15 11:37:11 -04:00
Benjamin A. Petersen
b81206c15d
blog: impersonation-proxy post updates
2023-08-14 11:42:26 -04:00
Benjamin A. Petersen
31c144261f
add author to blog list page
2023-08-14 11:42:26 -04:00
Joshua Casey
4d0da0a5b2
Add blog post for v0.25.0
2023-08-10 09:00:16 -05:00
Pinny
8c96616b51
Updated versions in docs for v0.25.0 release
2023-08-09 21:12:41 +00:00
Ben Petersen
c7b49d9b93
Merge pull request #1615 from vmware-tanzu/jtc/fix-double-decoding-of-ca-crt
...
Fix #1582 by not double-decoding the ca.crt field in external TLS secrets for the impersonation proxy
2023-08-09 14:25:13 -04:00
Joshua Casey
7f0d04dba6
Address PR feedback
2023-08-09 11:42:42 -05:00
Joshua Casey
1707995378
Fix #1582 by not double-decoding the ca.crt field in external TLS secrets for the impersonation proxy
2023-08-08 20:17:21 -05:00
Ben Petersen
f24f82b25b
Merge pull request #1607 from vmware-tanzu/pinny/bump-deps
...
Bump go.mod direct dependencies
2023-08-08 09:22:40 -04:00
Pinny
391c38057d
Bump go.mod direct dependencies
2023-08-08 08:03:24 +00:00
Joshua Casey
e2e9819c58
Merge pull request #1582 from vmware-tanzu/jtc/1547-poc
...
Add external certificate management for the Concierge Impersonation Proxy
2023-08-03 15:52:56 -05:00
Joshua Casey
dc61d132cf
Address PR feedback, especially to check that the CA bundle is some kind of valid cert
2023-08-03 14:57:21 -05:00
Joshua Casey
959f18b67b
Add integration test to verify that the impersonation proxy will use an external TLS serving cert
2023-08-03 14:57:21 -05:00
Joshua Casey
ee75a63057
Test Refactor: use explicit names for mTLS signing cert
2023-08-03 14:57:21 -05:00
Joshua Casey
bd035a180e
Impersonation proxy detects when the user has configured an externally provided TLS secret to serve TLS
...
- https://github.com/vmware-tanzu/pinniped/tree/main/proposals/1547_impersonation-proxy-external-certs
- https://joshuatcasey.medium.com/k8s-mtls-auth-with-tls-passthrough-1bc25e750f52
2023-08-03 14:57:21 -05:00
Joshua Casey
8df9033bfc
Add CredentialIssuer.Spec.ImpersonationProxy.TLS to configure an externally provided TLS secret
2023-08-03 14:57:21 -05:00
Joshua Casey
3e57716f0e
The impersonation controller should sync when any secret of type kubernetes.io/tls changes in the namespace
2023-08-03 14:57:21 -05:00