Commit Graph

3537 Commits

Author SHA1 Message Date
Ryan Richard
af7a1a1f58
Merge pull request #1696 from vmware-tanzu/contour_in_hack_prepare_supervisor
Optionally use Contour in hack/prepare-supervisor-on-kind.sh
2023-09-27 14:47:53 -07:00
Ryan Richard
0ab6311cf5 Optionally use Contour in hack/prepare-supervisor-on-kind.sh
Using Contour for ingress allows us to avoid using the hacky proxy
server approach. This makes it easy to use any web browser to complete
the login process, since there is no need to configure the proxy server
for the browser.
2023-09-27 12:32:49 -07:00
Ryan Richard
24069b56dc
Merge pull request #1695 from vmware-tanzu/fix_pod_shutdown_test_flake
fix flake seen in pod_shutdown_test.go
2023-09-27 07:23:45 -07:00
Ryan Richard
87b7ea14d5 fix flake seen in pod_shutdown_test.go 2023-09-26 14:06:04 -07:00
Ryan Richard
7513092432
Merge pull request #1693 from vmware-tanzu/concierge_pods_priorityClassName
Stop using deprecated critical-pod annotation
2023-09-26 14:05:23 -07:00
Ryan Richard
192553aed9 Stop using deprecated critical-pod annotation 2023-09-26 13:16:13 -07:00
Ben Petersen
d44882fddc
Merge pull request #1694 from vmware-tanzu/cli_login_page_errors
Same error messages shown in CLI's callback web page and in terminal
2023-09-26 14:54:01 -04:00
Ryan Richard
cede6403e1 Same error messages shown in CLI's callback web page and in terminal 2023-09-26 09:58:23 -07:00
Ryan Richard
e25ecea684
Merge pull request #1692 from vmware-tanzu/jtc/use-latest-controller-gen
Use latest controller-gen, which allows CEL validations
2023-09-26 09:56:42 -07:00
Joshua Casey
ac9887afdc Use latest controller-gen, which allows CEL validations 2023-09-25 15:58:32 -05:00
Ryan Richard
58c5146592
Merge pull request #1688 from vmware-tanzu/fix_shutdown_deadlock
Fix deadlock during shutdown which prevented leader election cleanup
2023-09-25 10:41:10 -07:00
Ryan Richard
5e06c6d5ad add integration test for graceful shutdowns which release leader leases 2023-09-25 09:51:17 -07:00
Ryan Richard
ca6c29e463 Fix deadlock during shutdown which prevented leader election cleanup
Before this fix, the deadlock would prevent the leader pod from giving
up its lease, which would make it take several minutes for new pods to
be allowed to elect a new leader. During that time, no Pinniped
controllers could write to the Kube API, so important resources were not
being updated during that window. It would also make pod shutdown take
about 1 minute.

After this fix, the leader gives up its lease immediately, and pod
shutdown takes about 1 second. This improves restart/upgrade time and
also fixes the problem where there was no leader for several minutes
after a restart/upgrade.

The deadlock was between the post-start hook and the pre-shutdown hook.
The pre-shutdown hook blocked until a certain background goroutine in
the post-start hook finished, but that goroutine could not finish until
the pre-shutdown hook finished. Thus, they were both blocked, waiting
for each other infinitely. Eventually the process would be externally
killed.

This deadlock was most likely introduced by some change in Kube's
generic api server package related to how the many complex channels used
during server shutdown interact with each other, and was not noticed
when we upgraded to the version which introduced the change.
2023-09-20 16:54:24 -07:00
Joshua Casey
1ac8691199
Merge pull request #1687 from vmware-tanzu/ben/site-blog-h1-swap-main-title
Update blog rendering to h1 the title (not h2)
2023-09-20 12:39:51 -05:00
Joshua Casey
4bb596e2cd
Merge pull request #1661 from vmware-tanzu/jtc/add-cicd-howto
Add CI/CD How-To
2023-09-20 12:17:43 -05:00
Benjamin A. Petersen
78a7d4deea
Update blog rendering to h1 the title (not h2) 2023-09-20 12:55:48 -04:00
Pinny
bed9a74b58 Updated versions in docs for v0.26.0 release 2023-09-19 22:56:05 +00:00
Ryan Richard
5af01bba4e
Merge pull request #1683 from vmware-tanzu/0.26_blog
add blog post for v0.26.0 release
2023-09-19 15:43:04 -07:00
Ryan Richard
9fe9753cbc add blog post for v0.26.0 release 2023-09-19 15:42:34 -07:00
Ben Petersen
cef5745d2d
Merge pull request #1684 from vmware-tanzu/okta_browser_login_flake
Trying to avoid test flake on Okta login page in browser
2023-09-19 13:27:29 -04:00
Ryan Richard
cd1e4bacf8 trying to avoid flake on Okta login page in browser 2023-09-19 08:58:22 -07:00
Joshua Casey
7de8f82295 Add CI/CD How-To
- https://github.com/vmware-tanzu/pinniped/discussions/1366
- https://www.pivotaltracker.com/story/show/184297690
2023-09-18 16:19:10 -05:00
Joshua Casey
62887a9cc8
Merge pull request #1682 from vmware-tanzu/exec_with_container_name
specify the container name when fetching keys from kube cert agent pod
2023-09-18 13:09:54 -05:00
Joshua Casey
c0e7a6ecbf
Merge branch 'main' into exec_with_container_name 2023-09-18 12:18:51 -05:00
Ryan Richard
465a0c3d80
Merge pull request #1674 from vmware-tanzu/pinny/bump-deps
Bump go.mod direct dependencies
2023-09-18 09:33:08 -07:00
Ryan Richard
4b4cc93ae7 specify the container name when fetching keys from kube cert agent pod
Avoid errors seen when the cluster has been configured to automatically
inject additional sidecar containers into every pod.
2023-09-18 09:19:57 -07:00
Joshua Casey
4a89a9fa16 Update LDAP integration tests for changes in github.com/go-ldap/ldap/v3 2023-09-18 10:45:32 -05:00
Joshua Casey
eb7a9f89e2 Bump k8s.io/kube-openapi and pin github.com/google/cel-go 2023-09-18 09:30:50 -05:00
Pinny
162041c794 Bump go.mod direct dependencies 2023-09-18 08:03:49 +00:00
Ryan Richard
0e7ef1637d
Merge pull request #1677 from vmware-tanzu/dependabot/go_modules/go.uber.org/zap-1.26.0
Bump go.uber.org/zap from 1.25.0 to 1.26.0
2023-09-14 21:37:05 -07:00
dependabot[bot]
91d5159743
Bump go.uber.org/zap from 1.25.0 to 1.26.0
Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.25.0 to 1.26.0.
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uber-go/zap/compare/v1.25.0...v1.26.0)

---
updated-dependencies:
- dependency-name: go.uber.org/zap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-15 01:57:59 +00:00
Ryan Richard
efb53d3190
Merge pull request #1660 from vmware-tanzu/multiple_idps_and_transformations_docs
multiple idps and identity transformations docs
2023-09-14 15:17:34 -07:00
Ryan Richard
c97bb58e3c
Merge pull request #1675 from vmware-tanzu/update_k8s_libs
Update deps except for cel-go
2023-09-14 15:16:15 -07:00
Ryan Richard
3cecb62705 Keep the deps updated from previous commit but keep cel-go at 0.16.x
because newer cel-go versions will not compile with latest k8s libs
2023-09-14 15:15:35 -07:00
Pinny
52db01d8ef Bump go.mod direct dependencies 2023-09-14 15:15:35 -07:00
Ben Petersen
1d500ded67
Merge pull request #1676 from vmware-tanzu/update_k8s_versions_for_codegen
update kube-versions.txt for codegen
2023-09-14 16:48:41 -04:00
Ryan Richard
edc5f3fc15 update kube-versions.txt for codegen 2023-09-14 13:01:46 -07:00
Ryan Richard
54fb03153a multiple IDPs and identity transformations docs 2023-09-13 14:33:53 -07:00
Ryan Richard
06d456fc87
Merge pull request #1419 from vmware-tanzu/multiple_idps_and_transformations
Support multiple IDPs and identity transformations on Supervisor FederationDomains
2023-09-13 14:26:23 -07:00
Ryan Richard
5573c629b5 remove extra timeoutCtx for exec.CommandContext invocations in e2e test
These extra timeout contexts were only in the new multiple IDPs e2e
test. Remove this possible cause of test cleanup flakes where the test
runs slow enough in CI that this timeout context has already expired
and then the cleanup function fails with context deadline exceeded
errors.
2023-09-13 12:48:10 -07:00
Ryan Richard
2cecc17ef0 add celformer unit test demonstrating string regexp in CEL expressions 2023-09-13 12:31:00 -07:00
Ryan Richard
c52ed93bf8 make prepare-supervisor-on-kind.sh work with older versions of bash 2023-09-12 10:24:55 -07:00
Ryan Richard
84498d5a55 fix imports grouping in manager.go 2023-09-12 09:34:19 -07:00
Ryan Richard
8faf3b0e26 add workaround in update-codegen.sh for problem seen when run on linux 2023-09-11 13:07:05 -07:00
Ryan Richard
a7bd494ec3 update FederationDomain.status.conditions to come from metav1 2023-09-11 13:06:52 -07:00
Ryan Richard
b6f0dc3ba7 Fix conflicts caused from rebasing main into multiple IDPs branch 2023-09-11 11:15:40 -07:00
Ryan Richard
e2bdab9e2d add the IDP display name to the downstream ID token's sub claim
To make the subject of the downstream ID token more unique when
there are multiple IDPs. It is possible to define two IDPs in a
FederationDomain using the same identity provider CR, in which
case the only thing that would make the subject claim different
is adding the IDP display name into the values of the subject claim.
2023-09-11 11:15:40 -07:00
Ryan Richard
28210ab14d add units tests to token_handler_test.go 2023-09-11 11:15:40 -07:00
Ryan Richard
593d55ec09 run codegen again after rebasing main branch into feature branch 2023-09-11 11:15:37 -07:00
Ryan Richard
5ad7e9a8ca started add units tests for identity transforms to token_handler_test.go 2023-09-11 11:14:06 -07:00