75dd98a965
Integration test for impersonation proxy cluster ip
2021-05-25 13:50:50 -07:00
61362f8187
Merge pull request #639 from vmware-tanzu/dependabot/go_modules/github.com/google/go-cmp-0.5.6
...
Bump github.com/google/go-cmp from 0.5.5 to 0.5.6
2021-05-25 11:04:08 -05:00
f89f2281d8
Bump github.com/google/go-cmp from 0.5.5 to 0.5.6
...
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp ) from 0.5.5 to 0.5.6.
- [Release notes](https://github.com/google/go-cmp/releases )
- [Commits](https://github.com/google/go-cmp/compare/v0.5.5...v0.5.6 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-25 05:51:17 +00:00
f5b11a0239
New docs: 1) Concierge with Supervisor, and 2) Supervisor with OpenLDAP
2021-05-24 19:08:25 -07:00
5e8945c616
Merge pull request #632 from vmware-tanzu/ldap_additional_unit_test
...
Add another unit test for the LDAP client code
2021-05-24 14:26:13 -07:00
2331c2dae2
Merge branch 'main' into ldap_additional_unit_test
2021-05-24 14:24:48 -07:00
2014f4623d
Move require.NoError() to t.Cleanup()
2021-05-24 14:24:09 -07:00
fabc08b01b
Merge branch 'main' of github.com:vmware-tanzu/pinniped into credentialissuer-spec-api
2021-05-24 15:49:13 -05:00
468463ce1d
Merge pull request #635 from mattmoyer/fix-docs-version-to-better-default
...
Replace all references to "a specific version" with v0.8.0.
2021-05-24 14:25:48 -05:00
520eb43bfd
Replace all references to "a specific version" with v0.8.0.
...
The documentation was a bit confusing before, and it was easy to accidentally install a very outdated version if you weren't reading carefully.
We could consider writing a post-release CI job to update these references automatically (perhaps using a Hugo macro?), but for now a manual update seems sufficient.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-24 11:50:16 -05:00
5de9bac4ac
Oof... good I wrote an integration test because that's not how updating works!
...
Now updating the existing service in kubernetes but with the new
annotations
2021-05-24 09:41:49 -07:00
523a8d432f
Merge pull request #616 from vmware-tanzu/okta-supervisor-docs
...
Add doc for configuring the supervisor with okta
2021-05-24 10:34:02 -05:00
1ab1d41735
Minor cleanups on the new Supervisor+Okta docs page.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-24 10:31:06 -05:00
36168122cc
Add doc for configuring the supervisor with okta
2021-05-24 10:30:50 -05:00
150e879a68
Add tests for deleting services
2021-05-21 13:47:06 -07:00
b16e84d90a
Add another unit test for the LDAP client code
2021-05-21 12:44:01 -07:00
722aa72206
Integration test tests update functionality
2021-05-21 10:19:33 -07:00
2d0cb16239
Merge pull request #631 from mattmoyer/remove-openapi-codegen
...
Stop generating zz_generated.openapi.go files.
2021-05-21 12:19:09 -05:00
b4bb0db6e5
Refactor some shared code between load balancer and cluster ip creation
2021-05-21 09:57:46 -07:00
fd9d9b8c73
Stop generating zz_generated.openapi.go files.
...
It turns out we no longer need these and can skip this bit of code generation.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-21 11:16:59 -05:00
44f6fd4437
Merge pull request #630 from mattmoyer/20210521-dependency-updates
...
Upgrade Go module dependencies
2021-05-21 11:12:03 -05:00
f0d5923091
Downgrade k8s.io/kube-openapi back to a previous version.
...
9b07d72531...00de3ae54c
2021-05-21 10:42:39 -05:00
85ebaa96d5
Upgrade k8s.io/kube-openapi dependency.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-21 10:11:26 -05:00
cf5bc9f1b4
Upgrade k8s.io/utils dependency.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-21 10:07:41 -05:00
0d02ba6af3
Upgrade k8s.io/gengo dependency.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-21 10:07:00 -05:00
74a569fa82
Upgrade golang.org/x/* module dependencies.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-21 10:06:29 -05:00
01c0514057
Upgrade github.com/pkg/browser.
...
This some some kind of improvement on Windows.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-21 10:00:19 -05:00
0d42c1e9fe
Update to Kubernetes 1.21.1 runtime components.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-21 09:57:41 -05:00
4606f1d8bd
More error handling for cluster ip
2021-05-20 16:21:10 -07:00
1307c49212
Merge pull request #620 from vmware-tanzu/ldap_starttls
...
Support `StartTLS` for `LDAPIdentityProvider`s
2021-05-20 16:16:37 -07:00
b01665386d
Use latest container image of our fork of bitnami-docker-openldap
2021-05-20 15:49:34 -07:00
599d70d6dc
Wire generatedClusterIPServiceName through from NamesConfig
2021-05-20 14:11:35 -07:00
901ddd1870
Merge branch 'main' into ldap_starttls
2021-05-20 13:40:56 -07:00
8b549f66d4
Add integration test for LDAP StartTLS
2021-05-20 13:39:48 -07:00
4780c39640
Merge pull request #618 from vmware-tanzu/initial_ldap_group_support
...
Initial support for upstream LDAP group membership
2021-05-20 13:10:23 -07:00
7e76b66639
LDAP upstream watcher controller tries using both TLS and StartTLS
...
- Automatically try to fall back to using StartTLS when using TLS
doesn't work. Only complain when both don't work.
- Remember (in-memory) which one worked and keeping using that one
in the future (unless the pod restarts).
2021-05-20 12:46:33 -07:00
fff90ed2ca
Merge branch 'main' into initial_ldap_group_support
2021-05-20 12:36:04 -07:00
62651eddb0
Took care of some impersonation cluster ip related todos
2021-05-20 11:57:07 -07:00
ec25259901
Update impersonatorconfig controller to use new CredentialIssuer update helper.
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-05-20 12:26:07 -05:00
e4dd83887a
Merge remote-tracking branch 'origin/main' into credentialissuer-spec-api
2021-05-20 10:53:53 -05:00
562942cdbf
Merge pull request #627 from mattmoyer/use-informers-for-credentialissuer-updates
...
Create CredentialIssuer at install, not runtime.
2021-05-20 10:13:41 -05:00
025b37f839
upstreamldap.New() now supports a StartTLS config option
...
- This enhances our LDAP client code to make it possible to optionally
dial an LDAP server without TLS and then use StartTLS to upgrade
the connection to TLS.
- The controller for LDAPIdentityProviders is not using this option
yet. That will come in a future commit.
2021-05-19 17:17:44 -07:00
63c39454f6
WIP on impersonation clusterip service
2021-05-19 17:00:28 -07:00
657488fe90
Create CredentialIssuer at install, not runtime.
...
Previously, our controllers would automatically create a CredentialIssuer with a singleton name. The helpers we had for this also used "raw" client access and did not take advantage of the informer cache pattern.
With this change, the CredentialIssuer is always created at install time in the ytt YAML. The controllers now only update the existing CredentialIssuer status, and they do so using the informer cache as much as possible.
This change is targeted at only the kubecertagent controller to start. The impersonatorconfig controller will be updated in a following PR along with other changes.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-19 17:15:25 -05:00
9e61640c92
LoadBalancerIP updated dynamically
2021-05-19 14:16:15 -07:00
94d6b76958
Merge branch 'initial_ldap_group_support' into ldap_starttls
2021-05-19 13:12:56 -07:00
424c112bbc
Merge branch 'main' into initial_ldap_group_support
2021-05-19 13:12:17 -07:00
3bb95f1de2
Give kubeclient_test some default values for credentialissuer spec
2021-05-19 11:56:54 -07:00
0b66321902
Changes to make the linter pass
2021-05-19 11:05:35 -07:00
297a484948
Add more validation and update tests for impersonationProxy as pointer.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-19 12:42:31 -05:00
Margo Crawford