Commit Graph

473 Commits

Author SHA1 Message Date
Andrew Keesler 50258fc569
WIP: start to create kube-cert-agent pods in namespace
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-21 16:27:00 -04:00
Andrew Keesler e18b6fdddc
deploy: add kube-cert-agent deployment knobs 2020-09-21 14:16:32 -04:00
Andrew Keesler 5a608cc84c
Add kube-cert-agent controller for getting kube API keypair 2020-09-21 14:16:14 -04:00
Ryan Richard 49145791cc
Merge pull request #127 from vmware-tanzu/rename_stuff
Rename many of the resources that are created in Kubernetes by Pinniped
2020-09-18 16:58:44 -07:00
Ryan Richard 6989e5da63 Merge branch 'main' into rename_stuff 2020-09-18 16:39:58 -07:00
Ryan Richard a2365b1cce Remove `-count 1` from unit test running in module.sh 2020-09-18 15:58:22 -07:00
Ryan Richard 80a520390b Rename many of the resources that are created in Kubernetes by Pinniped
New resource naming conventions:
- Do not repeat the Kind in the name,
  e.g. do not call it foo-cluster-role-binding, just call it foo
- Names will generally start with a prefix to identify our component,
  so when a user lists all objects of that kind, they can tell to which
  component it is related,
  e.g. `kubectl get configmaps` would list one named "pinniped-config"
- It should be possible for an operator to make the word "pinniped"
  mostly disappear if they choose, by specifying the app_name in
  values.yaml, to the extent that is practical (but not from APIService
  names because those are hardcoded in golang)
- Each role/clusterrole and its corresponding binding have the same name
- Pinniped resource names that must be known by the server golang code
  are passed to the code at run time via ConfigMap, rather than
  hardcoded in the golang code. This also allows them to be prepended
  with the app_name from values.yaml while creating the ConfigMap.
- Since the CLI `get-kubeconfig` command cannot guess the name of the
  CredentialIssuerConfig resource in advance anymore, it lists all
  CredentialIssuerConfig in the app's namespace and returns an error
  if there is not exactly one found, and then uses that one regardless
  of its name
2020-09-18 15:56:50 -07:00
Matt Moyer 86e1c99dcd
Merge pull request #126 from mattmoyer/remove-old-apis
Remove deprecated "pinniped.dev" API group.
2020-09-18 17:52:14 -05:00
Matt Moyer 78ac27c262
Remove deprecated "pinniped.dev" API group.
This has been replaced by the "login.pinniped.dev" group with a slightly different API.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-18 17:32:15 -05:00
Pinny f86a5244a6
Merge pull request #125 from mattmoyer/remove-old-apis
Move CredentialIssuerConfig into new "config.pinniped.dev" API group.
2020-09-18 16:55:09 -05:00
Matt Moyer 907ccb68f5
Move CredentialIssuerConfig into new "config.pinniped.dev" API group.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-18 16:38:45 -05:00
Matt Moyer 98490b1a1b
Merge pull request #124 from mattmoyer/add-vanity-imports
Add Go vanity import paths.
2020-09-18 15:18:32 -05:00
Matt Moyer 2d4d7e588a
Add Go vanity import paths.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-18 14:56:24 -05:00
Ryan Richard 24f962f1b8 Ignore a lint err in cli_test.go 2020-09-18 10:52:31 -07:00
Ryan Richard 2ecb43154b Enhance TestCLI integration test so it can catch mistakes with env vars
- Also remove a log statement from a test which caused a lot of extra
  output when the tests are run with `go test -v`
2020-09-18 10:27:15 -07:00
Ryan Richard dba951fe89
Note that CLI warning can be ignored in demo.md 2020-09-18 09:24:04 -07:00
Ryan Richard 245854b85a
Update demo.md 2020-09-18 09:11:56 -07:00
Andrew Keesler 5867f3699c
Merge pull request #123 from ankeesler/kubernetes-deep-equal
internal/controller/issuerconfig: use Kubernetes DeepEqual
2020-09-18 07:48:57 -04:00
Ryan Richard 7d5f57f923 PR template is not working, so trying moving it up one directory 2020-09-17 16:36:33 -07:00
Ryan Richard 2d497cbd36 Update the demo; most importantly remove the base64 decoding of the CA
- The `webhook_ca_bundle` ytt value should be base64 encoded
2020-09-17 16:08:45 -07:00
Ryan Richard eabe51c446 local-user-authenticator can be deployed from a private registry image
- Also add more comment to the values.yaml files to make the options
  more clear
2020-09-17 16:07:31 -07:00
Ryan Richard a479450940 CLI's `get-kubeconfig` subcommand now also sets PINNIPED_NAMESPACE env var 2020-09-17 16:05:56 -07:00
Andrew Keesler b523e5832c
internal/controller/issuerconfig: use Kubernetes DeepEqual
I learned this here:
  https://github.com/kubernetes/apimachinery/issues/75#issuecomment-550150929

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-17 17:35:14 -04:00
Ryan Richard 079e07a51f
Fix mistake in ytt/kapp command in demo.md 2020-09-17 14:07:18 -07:00
Matt Moyer 025940d4f1
Merge pull request #121 from mattmoyer/switch-orgs
Update module/package names to match GitHub org switch.
2020-09-17 13:24:56 -05:00
Matt Moyer 8c9c1e206d
Update module/package names to match GitHub org switch.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-17 12:56:54 -05:00
Ryan Richard 4c9cbf0706 Remove mention of things not yet implemented from architecture.md 2020-09-17 09:10:35 -07:00
Matt Moyer a70a4766d2
Merge pull request #92 from suzerain-io/dependabot/docker/golang-1.15.2
Bump golang from 1.15.1 to 1.15.2
2020-09-17 10:24:04 -05:00
Matt Moyer 1741f832eb
Merge pull request #114 from mattmoyer/new-token-credential-request-api
New "login.pinniped.dev/v1alpha1" group with TokenCredentialRequest API.
2020-09-17 10:23:22 -05:00
Matt Moyer b3327d7522
Switch our client over to use the new TokenCredentialRequest API.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-17 09:52:23 -05:00
Matt Moyer 10793ac11f
Allow anonymous access to TokenCredentialRequests.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-17 09:52:23 -05:00
Matt Moyer 7ce760a5dd
Register a second APIService for the login.pinniped.dev.
This is handled by a second instance of the APIServiceUpdaterController.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-17 09:52:23 -05:00
Matt Moyer af034befb0
Parameterize the APIService name in apiServiceUpdaterController rather than hardcoding.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-17 09:52:23 -05:00
Matt Moyer a8487b78c9
Add some conversions to allow our REST handler to handle both old and new credential request APIs.
Eventually we could refactor to remove support for the old APIs, but they are so similar that a single implementation seems to handle both easily.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-17 09:52:23 -05:00
Matt Moyer 58bf93b10c
Add a new login.pinniped.dev API group with TokenCredentialRequest.
This is essentially meant to be "v1alpha2" of the existing CredentialRequest API, but since we want to move API groups we can just start over at v1alpha1.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-17 09:52:22 -05:00
Andrew Keesler f464e03380
Generate code against 1.17.11
We want to be able to run kind integration tests against the same
versions that we generate code against. There is no public
kindest/node image for 1.17.9, so let's update to the next 1.17.x
version where there is an image: 1.17.11.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-17 10:35:45 -04:00
Ryan Richard efbe3a26c1
Merge pull request #111 from suzerain-io/contributor_guide_updates
Contributor guide updates
2020-09-16 16:48:26 -07:00
Andrew Keesler 4f59d9286c Update community meeting link to one which requires a host to be present
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-09-16 16:39:59 -07:00
Andrew Keesler 6c75de9334 Use public container images for codegen as defaults when deploying
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-09-16 15:46:51 -07:00
Ryan Richard f425eed07c Small edits to PR template file 2020-09-16 09:06:36 -07:00
Ryan Richard 7a975d98fb First draft of a PR template file. 2020-09-16 08:56:18 -07:00
Ryan Richard 635ecd7b1a Merge branch 'main' into contributor_guide_updates 2020-09-16 08:32:34 -07:00
dependabot[bot] 29305777bb
Bump golang from 1.15.1 to 1.15.2
Bumps golang from 1.15.1 to 1.15.2.

Signed-off-by: dependabot[bot] <support@github.com>
2020-09-16 14:59:35 +00:00
Andrew Keesler 6d0b83aabf
Merge pull request #113 from ankeesler/pinniped-copyright
Pinniped copyright
2020-09-16 10:58:40 -04:00
Andrew Keesler 6ba712d612
Fix copyright format in hack/header.txt 2020-09-16 10:42:26 -04:00
Andrew Keesler eab5c2b86b
Save 2 lines by using inline-style comments for Copyright
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-16 10:35:19 -04:00
Andrew Keesler e7b389ae6c
Update copyright to reference Pinniped contributors
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-16 10:05:51 -04:00
Ryan Richard e51e51dfd4 Add link to public Pinniped Biweekly Community Meeting agenda/notes doc 2020-09-15 18:19:20 -07:00
Ryan Richard cd0194cb68 Contributor guide updates 2020-09-15 17:59:40 -07:00
Ryan Richard a73f14e03d Revert "Fake README update to test a change to the PR pipeline"
This reverts commit e3b8c3b611.
2020-09-15 16:43:04 -07:00