Commit Graph

3357 Commits

Author SHA1 Message Date
Benjamin A. Petersen
0c60e31d86
Update supervisor values.yaml to a schema doc. Make @nullable work
- see build.sh for documented script to run to generate:
   ytt --file supervisor/config/values.yaml --data-values-schema-inspect --output openapi-v3 > supervisor/schema-openapi.yml
2023-09-06 14:08:01 -04:00
Benjamin A. Petersen
1d1b98f9a1
add some hacky scripts for generating things 2023-09-06 14:08:01 -04:00
Benjamin A. Petersen
9657719f9f
add concierge package, schema, metadata files 2023-09-06 14:08:01 -04:00
Benjamin A. Petersen
5c75734112
add supervisor package, schema, metadata files 2023-09-06 14:08:01 -04:00
Benjamin A. Petersen
aceef06873
WIP: add .imgpkg directories 2023-09-06 14:08:00 -04:00
Benjamin A. Petersen
550673b8dd
WIP: hack in a deploy_carvel/concierge directory, but strip out the deployment for simplicity 2023-09-06 14:08:00 -04:00
Benjamin A. Petersen
715a93d64a
WIP: hack in a deploy_carvel/supervisor directory, but strip out the deployment for simplicity 2023-09-06 14:07:53 -04:00
Joshua Casey
b14e86bb91
Merge pull request #1654 from vmware-tanzu/docs/configure-supervisor-with-azuread
Add docs for Supervisor with Azure AD
2023-09-06 12:33:51 -05:00
Joshua Casey
c3445a747d
Merge pull request #1650 from vmware-tanzu/ben/prepare-for-integration-tests.sh-improvements
Improve hack/prepare-for-integration-tests.sh flexibility
2023-09-06 12:30:12 -05:00
Benjamin A. Petersen
a5c481cf61
Add docs for Supervisor with Azure AD
- Note that Azure AD is being rebranded to Entra ID
2023-09-06 13:14:37 -04:00
Benjamin A. Petersen
fd1936c45f
Improve hack/prepare-for-integration-tests.sh flexibility
- move pushd/popd inside if statements for alternative-deploy methods
- add specific alternative-deploy vars for individual components
  - supervisor
  - concierge
  - local-user-authenticator
  while preserving the current alternative-deploy for all three
- doc that equals for flags does not work
  --foo=bar is invalid
  --foo bar is valid
2023-08-31 15:02:24 -04:00
Ben Petersen
fbeb45a1a0
Merge pull request #1648 from vmware-tanzu/jtc/do-not-fail-hack-script-without-KUBE_GIT_VERSION
Do not fail hack script without kube git version
2023-08-30 10:58:15 -04:00
Joshua Casey
23bd3e7cc9 Do not fail hack/prepare-for-integration-tests.sh without KUBE_GIT_VERSION 2023-08-29 19:58:23 -05:00
Joshua Casey
7cda8f4123 Do not fail when KUBE_GIT_VERSION is not set 2023-08-29 17:31:22 -05:00
Joshua Casey
a42e3edf56
Merge pull request #1646 from vmware-tanzu/jtc/support-k8s-1-21-and-up
Remove generated code prior to K8s 1.21
2023-08-29 16:29:32 -05:00
Joshua Casey
76933f69b9 Update comments to indicate support for newer versions of Kubernetes 2023-08-29 15:40:52 -05:00
Joshua Casey
5c9d26baeb Remove generated code for K8s 1.17, 1.18, 1.19, and 1.20
- Kind 0.20.0 supports 1.21 through 1.28 (inclusive)
- https://github.com/kubernetes-sigs/kind/releases/tag/v0.20.0
2023-08-28 16:56:32 -05:00
Joshua Casey
9248db971a
Merge pull request #1634 from vmware-tanzu/jtc/1633/update-pinniped-cli-version-output
#1633 Update `pinniped version` output
2023-08-28 14:19:17 -05:00
Joshua Casey
2dcc149fee Split off helper function 2023-08-28 12:14:14 -05:00
Joshua Casey
38230fc518 Use pversion to retrieve buildtime information 2023-08-28 11:54:27 -05:00
Joshua Casey
8edecffcc0
Merge pull request #1630 from vmware-tanzu/jtc/support-k8s-1-28
Support k8s 1.28
2023-08-28 11:49:18 -05:00
Joshua Casey
ca05969f8d Integration tests should use 'kubectl explain --output plaintext-openapiv2'
- OpenAPIV3 discovery of aggregate APIs seems to need a little more work in K8s 1.28
2023-08-28 10:50:11 -05:00
Joshua Casey
1b504b6fbd Expose OpenAPIv3 explanations 2023-08-28 10:50:11 -05:00
Joshua Casey
dfd3d5075d Ensure that kubegenerator scripts are executable 2023-08-28 10:50:11 -05:00
Joshua Casey
c51722a121 Run K8s codegen, adding 1.28.0 2023-08-28 10:50:11 -05:00
Joshua Casey
23ec91dee0 K8s API Server audit events are no longer pointers 2023-08-28 10:50:10 -05:00
Joshua Casey
ccba159639 Update all golang dependencies, especially k8s.io (for 1.28) 2023-08-28 10:50:10 -05:00
Ryan Richard
20cfa0a207
Merge pull request #1631 from vmware-tanzu/which_service_doc
Update docs to clarify which Supervisor port to expose outside cluster
2023-08-22 10:43:53 -07:00
Ryan Richard
835b8a5333 Update docs to clarify which Supervisor port to expose outside cluster 2023-08-22 10:00:56 -07:00
Ben Petersen
decd40bc26
Merge pull request #1621 from vmware-tanzu/site/blog-post-tags
blog: clean up tags page
2023-08-15 15:07:31 -04:00
Benjamin A. Petersen
2891da25f5
blog: clean up tags page 2023-08-15 14:18:48 -04:00
Ben Petersen
c54933bf33
Merge pull request #1606 from vmware-tanzu/jtc/add-blog-post-for-v0.25.0
Add blog post for v0.25.0
2023-08-15 11:43:50 -04:00
Benjamin A. Petersen
820c565d21
blog: add multiple author support for posts 2023-08-15 11:37:11 -04:00
Benjamin A. Petersen
e5e8c13f23
blog: impersonation-proxy spelling, grammar 2023-08-15 11:37:11 -04:00
Benjamin A. Petersen
b81206c15d
blog: impersonation-proxy post updates 2023-08-14 11:42:26 -04:00
Benjamin A. Petersen
31c144261f
add author to blog list page 2023-08-14 11:42:26 -04:00
Joshua Casey
4d0da0a5b2 Add blog post for v0.25.0 2023-08-10 09:00:16 -05:00
Pinny
8c96616b51 Updated versions in docs for v0.25.0 release 2023-08-09 21:12:41 +00:00
Ben Petersen
c7b49d9b93
Merge pull request #1615 from vmware-tanzu/jtc/fix-double-decoding-of-ca-crt
Fix #1582 by not double-decoding the ca.crt field in external TLS secrets for the impersonation proxy
2023-08-09 14:25:13 -04:00
Joshua Casey
7f0d04dba6 Address PR feedback 2023-08-09 11:42:42 -05:00
Joshua Casey
1707995378 Fix #1582 by not double-decoding the ca.crt field in external TLS secrets for the impersonation proxy 2023-08-08 20:17:21 -05:00
Ben Petersen
f24f82b25b
Merge pull request #1607 from vmware-tanzu/pinny/bump-deps
Bump go.mod direct dependencies
2023-08-08 09:22:40 -04:00
Pinny
391c38057d Bump go.mod direct dependencies 2023-08-08 08:03:24 +00:00
Joshua Casey
e2e9819c58
Merge pull request #1582 from vmware-tanzu/jtc/1547-poc
Add external certificate management for the Concierge Impersonation Proxy
2023-08-03 15:52:56 -05:00
Joshua Casey
dc61d132cf Address PR feedback, especially to check that the CA bundle is some kind of valid cert 2023-08-03 14:57:21 -05:00
Joshua Casey
959f18b67b Add integration test to verify that the impersonation proxy will use an external TLS serving cert 2023-08-03 14:57:21 -05:00
Joshua Casey
ee75a63057 Test Refactor: use explicit names for mTLS signing cert 2023-08-03 14:57:21 -05:00
Joshua Casey
bd035a180e Impersonation proxy detects when the user has configured an externally provided TLS secret to serve TLS
- https://github.com/vmware-tanzu/pinniped/tree/main/proposals/1547_impersonation-proxy-external-certs
- https://joshuatcasey.medium.com/k8s-mtls-auth-with-tls-passthrough-1bc25e750f52
2023-08-03 14:57:21 -05:00
Joshua Casey
8df9033bfc Add CredentialIssuer.Spec.ImpersonationProxy.TLS to configure an externally provided TLS secret 2023-08-03 14:57:21 -05:00
Joshua Casey
3e57716f0e The impersonation controller should sync when any secret of type kubernetes.io/tls changes in the namespace 2023-08-03 14:57:21 -05:00