Commit Graph

1749 Commits

Author SHA1 Message Date
Matt Moyer
63816aa3ba
Disable Content-Security-Policy for now.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-04-09 10:58:39 -05:00
Nanci Lancaster
e5314164c5
added search functionality to docs on Pinniped.dev
Signed-off-by: Nanci Lancaster <nancil@vmware.com>
2021-04-09 10:58:39 -05:00
Matt Moyer
abf606ab72
Merge pull request #563 from mattmoyer/cli-caching-enhancements
CLI cluster-specific credentials enhancements (followup to #562)
2021-04-08 16:48:48 -07:00
Matt Moyer
b59a4f3fec
Use a temporary directory for credential cache in CLI tests.
This avoids polluting the main cache directory on developer machines.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-04-08 18:14:21 -05:00
Matt Moyer
3b461572ea
Add cluster info to cache key for cluster-specific credential cache.
This isn't strictly necessary because we currently always have the concierge endpoint and CA as CLI flags, but it doesn't hurt and it's better to err on the side of _not_ reusing a cache entry.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-04-08 17:12:59 -05:00
Matt Moyer
271c006b6c
Add --credential-cache flag to "pinniped get kubeconfig" and tweak usage messages.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-04-08 16:57:18 -05:00
Matt Moyer
043cefcd9f
Merge pull request #562 from mattmoyer/add-cluster-credential-caching
Add cluster-specific credential caching to login subcommands.
2021-04-08 12:59:23 -07:00
Matt Moyer
2296faaeef
Add CLI caching of cluster-specific credentials.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-04-08 14:12:34 -05:00
Matt Moyer
fec24d307e
Fix missing normalization in pkg/oidcclient/filesession.
We have some nice normalization code in this package to remove expired or otherwise malformed cache entries, but we weren't calling it in the appropriate place.

Added calls to normalize the cache data structure before and after each transaction, and added test cases to ensure that it's being called.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-04-08 14:12:34 -05:00
Margo Crawford
64b13043ed
Merge pull request #561 from vmware-tanzu/Adding-OK-amba-to-adopters-file
Added Ok amba logo for adopters file
2021-04-08 11:51:40 -07:00
Nanci Lancaster
5501b5aa13
Added Ok amba logo for adopters file 2021-04-08 11:48:06 -05:00
Ryan Richard
9450048acf Fix lint error from previous commit 2021-04-05 15:14:24 -07:00
Andrew Keesler
c53507809d Rename dex namespace, add new ytt value to deploy/tools, and remove Tilt
- Rename the test/deploy/dex directory to test/deploy/tools
- Rename the dex namespace to tools
- Add a new ytt value called `pinny_ldap_password` for the tools
  ytt templates
- This new value is not used on main at this time. We intend to use
  it in the forthcoming ldap branch. We're defining it on main so
  that the CI scripts can use it across all branches and PRs.

Signed-off-by: Ryan Richard <richardry@vmware.com>
2021-04-05 15:01:49 -07:00
Matt Moyer
9cd2b6e855
Merge pull request #552 from mattmoyer/nicer-generated-kubeconfig-names
Generate more helpful context/cluster/user names in `pinniped get kubeconfig`
2021-04-05 11:35:07 -07:00
Matt Moyer
4e25bcd4b2
Generate more helpful context/cluster/user names in pinniped get kubeconfig
Before this change, the "context", "cluster", and "user" fields in generated kubeconfig YAML were always hardcoded to "pinniped". This could be confusing if you generated many kubeconfigs for different clusters.

After this change, the fields will be copied from their names in the original kubeconfig, suffixed with "-pinniped". This suffix can be overridden by setting the new `--generated-name-suffix` CLI flag.

The goal of this change is that you can distinguish between kubeconfigs generated for different clusters, as well as being able to distinguish between the Pinniped and original (admin) kubeconfigs for a cluster.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-04-05 12:36:02 -05:00
Matt Moyer
5add31d263
Merge pull request #545 from vmware-tanzu/dependabot/docker/golang-1.16.3
Bump golang from 1.16.2 to 1.16.3
2021-04-05 08:58:23 -07:00
Matt Moyer
88c4335b4b
Display blog posts in reverse order by date.
This is a minor style tweak.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-04-05 10:54:00 -05:00
Matt Moyer
623830bf1f
Fix a typo on the timezones on the website.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-04-05 10:50:10 -05:00
dependabot[bot]
30f476e1ac
Bump golang from 1.16.2 to 1.16.3
Bumps golang from 1.16.2 to 1.16.3.

Signed-off-by: dependabot[bot] <support@github.com>
2021-04-02 05:56:43 +00:00
Pinny
7b82b7a010 Update CLI docs for v0.7.0 release 2021-04-01 19:15:23 +00:00
Matt Moyer
44bf925c3e
Merge pull request #544 from mattmoyer/blog-post-v0.7.0
Add a blog post about the v0.7.0 release.
2021-04-01 11:03:09 -07:00
Matt Moyer
d2a6d7689f
Add a small note about our test grid, and mention some limitations of the first version.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-04-01 13:02:24 -05:00
Matt Moyer
23dbd7cab6
Extract out a common shortcode for the "join the community" blurb we put at the end of each blog post.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-04-01 11:55:17 -05:00
Matt Moyer
e4321cb369
Add v0.7.0 blog post.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-04-01 11:55:17 -05:00
Matt Moyer
ad66f67dc9
Rename existing posts for clarity.
This doesn't change the generated HTML at all, as far as I can tell.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-31 23:20:48 -05:00
Matt Moyer
55bc3dee7f
Merge pull request #543 from mattmoyer/fix-head-version-string-validation
Fix missing "v".
2021-03-31 14:54:26 -07:00
Ryan Richard
fdbeb213fb
Merge pull request #540 from vmware-tanzu/prepare-supervisor-on-kind.sh
Add hack/prepare-supervisor-on-kind.sh
2021-03-31 13:47:32 -07:00
Ryan Richard
1817d6c751
Merge branch 'main' into prepare-supervisor-on-kind.sh 2021-03-31 13:47:13 -07:00
Matt Moyer
476cc98e5a
Fix missing "v".
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-31 15:41:44 -05:00
Matt Moyer
4cbf4959f2
Merge pull request #542 from mattmoyer/fix-head-version-string-validation
Use "0.0.0" as our fake version instead of "?.?.?" to avoid a panic.
2021-03-31 13:36:22 -07:00
Matt Moyer
e4e4e686f6
Use "0.0.0" as our fake version instead of "?.?.?" to avoid a panic.
These values need to pass the validation in k8s.io/component-base/metrics: https://github.com/kubernetes/component-base/blob/v0.20.5/metrics/version_parser.go#L28-L50

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-31 15:03:40 -05:00
Ryan Richard
d5be37673a
Merge branch 'main' into prepare-supervisor-on-kind.sh 2021-03-31 11:42:06 -07:00
Ryan Richard
7bb5657c4d Add hack/prepare-supervisor-on-kind.sh
A demo of running the Supervisor and Concierge on
a kind cluster. Can be used to quickly set up an
environment for manual testing.

Also added some missing copyright headers to other
hack scripts.
2021-03-31 11:39:10 -07:00
Matt Moyer
fe9f12a29c
Merge pull request #539 from mattmoyer/upgrade-kubernetes-deps
Upgrade to prereleased Kubernetes v1.20.5++ dependencies.
2021-03-31 11:21:54 -07:00
Matt Moyer
bea75bb7ac
Upgrade to prereleased Kubernetes v1.20.5++ dependencies.
These commits include security fixes (CVE-2021-3121) for code generated by github.com/gogo/protobuf.
We expect this fix to also land in v1.20.6, but we don't want to wait for it.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-31 12:53:41 -05:00
Matt Moyer
081de8da62
Merge pull request #538 from vmware-tanzu/dependabot/docker/debian-10.9-slim
Bump debian from 10.8-slim to 10.9-slim
2021-03-31 06:00:27 -07:00
dependabot[bot]
469f864de3
Bump debian from 10.8-slim to 10.9-slim
Bumps debian from 10.8-slim to 10.9-slim.

Signed-off-by: dependabot[bot] <support@github.com>
2021-03-31 05:41:15 +00:00
Margo Crawford
dc510792c4
Merge pull request #536 from vmware-tanzu/secret-deletion-not-found-flake
Do not error when trying to delete the TLS secret and you get a not found
2021-03-30 15:46:32 -07:00
Margo Crawford
8b6fe0ac70 Fix lint error 2021-03-30 14:53:26 -07:00
Margo Crawford
d47603472d Do not error when trying to delete the TLS secret and you get a not found 2021-03-30 14:44:06 -07:00
Matt Moyer
d4baeff94e
Merge pull request #534 from mattmoyer/deflake-categories-test-rate-limiting
Deflake TestGetPinnipedCategory.
2021-03-30 13:46:55 -07:00
Matt Moyer
210114dbe1
Merge pull request #535 from mattmoyer/deflake-impersonation-proxy-test-dns
Deflake TestImpersonationProxy (especially on EKS).
2021-03-30 12:31:44 -07:00
Matt Moyer
4ebd0f5f12
Deflake TestImpersonationProxy (especially on EKS).
This test could flake if the load balancer hostname was provisioned but is not yet resolving in DNS from the test process.

The fix is to retry this step for up to 5 minutes.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-30 13:48:53 -05:00
Matt Moyer
f02b39b80f
Deflake TestGetPinnipedCategory.
This test could fail when the cluster was under heavy load. This could cause kubectl to emit "Throttling request took [...]" logs that triggered a failure in the test.

The fix is to ignore these innocuous warnings.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-30 13:38:33 -05:00
Margo Crawford
608be8332e
Merge pull request #533 from vmware-tanzu/eks-load-balancer-annotation
Add annotation to make the idle timeout be over 1 hour rather than 1 minute
2021-03-30 11:12:54 -07:00
Margo Crawford
3742719427 Add annotation to make the idle timeout be over 1 hour rather than 1 minute
- Note that 4000 seconds is the maximum value that AWS allows.
2021-03-30 09:12:34 -07:00
Andrew Keesler
f00a02dcca
Merge pull request #529 from microwavables/main
updated adopters.md instructions and included logos from VMware Tanzu…
2021-03-29 16:16:02 -04:00
Nanci Lancaster
017c891fb8
Merge branch 'main' into main 2021-03-29 12:29:25 -05:00
Margo Crawford
d8baa43903 Add new non-idle timeout integration test for impersonation proxy
Signed-off-by: Ryan Richard <richardry@vmware.com>
2021-03-29 09:30:51 -07:00
Nanci Lancaster
5c741bc423
Merge pull request #1 from microwavables/Adding-in-TKG-and-TMC-to-Adopters
Updated adopters.md file to include TMC and TKG
2021-03-29 09:49:54 -05:00