Margo Crawford
75dd98a965
Integration test for impersonation proxy cluster ip
2021-05-25 13:50:50 -07:00
Matt Moyer
fabc08b01b
Merge branch 'main' of github.com:vmware-tanzu/pinniped into credentialissuer-spec-api
2021-05-24 15:49:13 -05:00
Matt Moyer
468463ce1d
Merge pull request #635 from mattmoyer/fix-docs-version-to-better-default
...
Replace all references to "a specific version" with v0.8.0.
2021-05-24 14:25:48 -05:00
Matt Moyer
520eb43bfd
Replace all references to "a specific version" with v0.8.0.
...
The documentation was a bit confusing before, and it was easy to accidentally install a very outdated version if you weren't reading carefully.
We could consider writing a post-release CI job to update these references automatically (perhaps using a Hugo macro?), but for now a manual update seems sufficient.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-24 11:50:16 -05:00
Margo Crawford
5de9bac4ac
Oof... good I wrote an integration test because that's not how updating works!
...
Now updating the existing service in kubernetes but with the new
annotations
2021-05-24 09:41:49 -07:00
Matt Moyer
523a8d432f
Merge pull request #616 from vmware-tanzu/okta-supervisor-docs
...
Add doc for configuring the supervisor with okta
2021-05-24 10:34:02 -05:00
Matt Moyer
1ab1d41735
Minor cleanups on the new Supervisor+Okta docs page.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-24 10:31:06 -05:00
Margo Crawford
36168122cc
Add doc for configuring the supervisor with okta
2021-05-24 10:30:50 -05:00
Margo Crawford
150e879a68
Add tests for deleting services
2021-05-21 13:47:06 -07:00
Margo Crawford
722aa72206
Integration test tests update functionality
2021-05-21 10:19:33 -07:00
Matt Moyer
2d0cb16239
Merge pull request #631 from mattmoyer/remove-openapi-codegen
...
Stop generating zz_generated.openapi.go files.
2021-05-21 12:19:09 -05:00
Margo Crawford
b4bb0db6e5
Refactor some shared code between load balancer and cluster ip creation
2021-05-21 09:57:46 -07:00
Matt Moyer
fd9d9b8c73
Stop generating zz_generated.openapi.go files.
...
It turns out we no longer need these and can skip this bit of code generation.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-21 11:16:59 -05:00
Matt Moyer
44f6fd4437
Merge pull request #630 from mattmoyer/20210521-dependency-updates
...
Upgrade Go module dependencies
2021-05-21 11:12:03 -05:00
Matt Moyer
f0d5923091
Downgrade k8s.io/kube-openapi back to a previous version.
...
9b07d72531...00de3ae54c
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-21 10:42:39 -05:00
Matt Moyer
85ebaa96d5
Upgrade k8s.io/kube-openapi dependency.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-21 10:11:26 -05:00
Matt Moyer
cf5bc9f1b4
Upgrade k8s.io/utils dependency.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-21 10:07:41 -05:00
Matt Moyer
0d02ba6af3
Upgrade k8s.io/gengo dependency.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-21 10:07:00 -05:00
Matt Moyer
74a569fa82
Upgrade golang.org/x/* module dependencies.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-21 10:06:29 -05:00
Matt Moyer
01c0514057
Upgrade github.com/pkg/browser.
...
This some some kind of improvement on Windows.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-21 10:00:19 -05:00
Matt Moyer
0d42c1e9fe
Update to Kubernetes 1.21.1 runtime components.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-21 09:57:41 -05:00
Margo Crawford
4606f1d8bd
More error handling for cluster ip
2021-05-20 16:21:10 -07:00
Ryan Richard
1307c49212
Merge pull request #620 from vmware-tanzu/ldap_starttls
...
Support `StartTLS` for `LDAPIdentityProvider`s
2021-05-20 16:16:37 -07:00
Ryan Richard
b01665386d
Use latest container image of our fork of bitnami-docker-openldap
2021-05-20 15:49:34 -07:00
Margo Crawford
599d70d6dc
Wire generatedClusterIPServiceName through from NamesConfig
2021-05-20 14:11:35 -07:00
Ryan Richard
901ddd1870
Merge branch 'main' into ldap_starttls
2021-05-20 13:40:56 -07:00
Ryan Richard
8b549f66d4
Add integration test for LDAP StartTLS
2021-05-20 13:39:48 -07:00
Ryan Richard
4780c39640
Merge pull request #618 from vmware-tanzu/initial_ldap_group_support
...
Initial support for upstream LDAP group membership
2021-05-20 13:10:23 -07:00
Ryan Richard
7e76b66639
LDAP upstream watcher controller tries using both TLS and StartTLS
...
- Automatically try to fall back to using StartTLS when using TLS
doesn't work. Only complain when both don't work.
- Remember (in-memory) which one worked and keeping using that one
in the future (unless the pod restarts).
2021-05-20 12:46:33 -07:00
Ryan Richard
fff90ed2ca
Merge branch 'main' into initial_ldap_group_support
2021-05-20 12:36:04 -07:00
Margo Crawford
62651eddb0
Took care of some impersonation cluster ip related todos
2021-05-20 11:57:07 -07:00
Matt Moyer
ec25259901
Update impersonatorconfig controller to use new CredentialIssuer update helper.
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-05-20 12:26:07 -05:00
Matt Moyer
e4dd83887a
Merge remote-tracking branch 'origin/main' into credentialissuer-spec-api
2021-05-20 10:53:53 -05:00
Matt Moyer
562942cdbf
Merge pull request #627 from mattmoyer/use-informers-for-credentialissuer-updates
...
Create CredentialIssuer at install, not runtime.
2021-05-20 10:13:41 -05:00
Ryan Richard
025b37f839
upstreamldap.New() now supports a StartTLS config option
...
- This enhances our LDAP client code to make it possible to optionally
dial an LDAP server without TLS and then use StartTLS to upgrade
the connection to TLS.
- The controller for LDAPIdentityProviders is not using this option
yet. That will come in a future commit.
2021-05-19 17:17:44 -07:00
Margo Crawford
63c39454f6
WIP on impersonation clusterip service
2021-05-19 17:00:28 -07:00
Matt Moyer
657488fe90
Create CredentialIssuer at install, not runtime.
...
Previously, our controllers would automatically create a CredentialIssuer with a singleton name. The helpers we had for this also used "raw" client access and did not take advantage of the informer cache pattern.
With this change, the CredentialIssuer is always created at install time in the ytt YAML. The controllers now only update the existing CredentialIssuer status, and they do so using the informer cache as much as possible.
This change is targeted at only the kubecertagent controller to start. The impersonatorconfig controller will be updated in a following PR along with other changes.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-19 17:15:25 -05:00
Margo Crawford
9e61640c92
LoadBalancerIP updated dynamically
2021-05-19 14:16:15 -07:00
Ryan Richard
94d6b76958
Merge branch 'initial_ldap_group_support' into ldap_starttls
2021-05-19 13:12:56 -07:00
Ryan Richard
424c112bbc
Merge branch 'main' into initial_ldap_group_support
2021-05-19 13:12:17 -07:00
Margo Crawford
3bb95f1de2
Give kubeclient_test some default values for credentialissuer spec
2021-05-19 11:56:54 -07:00
Margo Crawford
0b66321902
Changes to make the linter pass
2021-05-19 11:05:35 -07:00
Matt Moyer
297a484948
Add more validation and update tests for impersonationProxy as pointer.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-19 12:42:31 -05:00
Matt Moyer
13372a43e6
Update generated code from previous commit.
2021-05-19 11:41:35 -05:00
Matt Moyer
54e0b83146
Update API so that impersonationProxy spec is a pointer.
2021-05-19 11:41:17 -05:00
Margo Crawford
94c370ac85
Annotations for impersonation load balancer
2021-05-18 16:54:59 -07:00
Ryan Richard
b5063e59ab
Merge branch 'initial_ldap_group_support' into ldap_starttls
2021-05-18 16:39:59 -07:00
Ryan Richard
a6f95cfff1
Configure openldap to disallow non-TLS clients
...
- For testing purposes, we would like to ensure that when we connect
to the LDAP server we cannot accidentally avoid using TLS or StartTLS.
- Also enabled the openldap `memberOf` overlay in case we want to
support group search using `memberOf` in the future.
- This required changes to the docker.io/bitnami/openldap container
image, so we're using our own fork for now. Will submit a PR to
bitnami/openldap to see if they will accept it (or something similar)
upstream.
2021-05-18 16:38:12 -07:00
Margo Crawford
eaea3471ec
Validation for service type none and external endpoint none
...
Also added a few more test cases for provisioning a load balancer
2021-05-18 13:50:52 -07:00
Matt Moyer
4a785e73e6
WIP fixing impersonatorconfig tests
2021-05-18 14:54:04 -05:00