Commit Graph

70 Commits

Author SHA1 Message Date
Ryan Richard
54fb03153a multiple IDPs and identity transformations docs 2023-09-13 14:33:53 -07:00
Benjamin A. Petersen
8df2d3cc58
site: fix codeblock left padding and spacing tweak 2023-09-08 15:41:31 -04:00
Benjamin A. Petersen
a5c481cf61
Add docs for Supervisor with Azure AD
- Note that Azure AD is being rebranded to Entra ID
2023-09-06 13:14:37 -04:00
Ryan Richard
835b8a5333 Update docs to clarify which Supervisor port to expose outside cluster 2023-08-22 10:00:56 -07:00
Benjamin A. Petersen
a71f1f88d9
site: minor text updates 2023-08-02 13:46:51 -04:00
Benjamin A. Petersen
bb670249cf
site: reorganize /howto/idp->/howto/supervisor 2023-08-02 13:22:23 -04:00
Benjamin A. Petersen
f632698568
site: add redirects for old doc links 2023-08-02 12:42:08 -04:00
Benjamin A. Petersen
fbb5296f68
site sidebar: menu renaming & reorganization 2023-08-02 12:09:33 -04:00
Benjamin A. Petersen
14c353993b
site sidebar: create new How-to sub-heading for IDP config 2023-08-02 12:09:24 -04:00
Joshua Casey
82b39190ba Add How To... Integrate with Auth0 2023-07-28 14:41:06 -05:00
Joshua Casey
52b0cf43ca Fix godoc 2023-07-19 15:47:47 -05:00
Ryan Richard
d0048595da Add docs for UserAttributeForFilter group search setting 2023-05-31 13:01:17 -07:00
Ryan Richard
19b60fe563 Clarify audience value in Concierge-only auth doc, and other doc updates
Also renamed a couple of integration test files to make their names
more clear.
2023-04-03 16:54:10 -07:00
Jamie Klassen
6ee05611a1
use apiGroup without version in webapp auth howto 2023-03-16 15:51:17 -04:00
rooso
3548362ce4
Update example configuration for Active Directory
there was an typo in the example configuration for Microsoft Active Directory. Attribute was `userPrincipleName` but should be `userPrincipalName`
2022-10-20 14:34:12 +02:00
Ryan Richard
b46a2f0267 Add more details about OIDCClients to configure-auth-for-webapps.md
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2022-09-22 12:31:31 -07:00
Ryan Richard
02a27e0186 Add docs for dynamic clients 2022-08-11 14:35:18 -07:00
Ryan Richard
fd9d641b5c Add doc for PINNIPED_UPSTREAM_IDENTITY_PROVIDER_FLOW env var 2022-06-06 09:47:50 -07:00
Ryan Richard
39fd9ba270 Small refactors and comments for LDAP/AD UI 2022-05-19 16:02:08 -07:00
Ryan Richard
4101a55001 Update docs for new LDAP/AD browser-based login flow
Also fix some comments that didn't fit onto one line in the yaml
examples, be consistent about putting a blank line above `---` yaml
separators, and some other small doc improvements.
2022-05-11 11:19:08 -07:00
Ryan Richard
51c527a965 Change to camel-case for insecureAcceptExternalUnencryptedHttpRequests
- Use camel-case in the static configmap
- Parse the value into a boolean in the go struct instead of a string
- Add test for when unsupported value is used in the configmap
- Run the config_test.go tests in parallel
- Update some paragraphs in configure-supervisor.md for clarity
2022-03-31 16:23:45 -07:00
Ryan Richard
3592f80457 Merge branch 'main' into disable_http 2022-03-28 17:03:59 -07:00
Ryan Richard
488f08dd6e Provide a way to override the new HTTP loopback-only validation
Add new deprecated_insecure_accept_external_unencrypted_http_requests
value in values.yaml. Allow it to be a boolean or a string to make it
easier to use (both --data-value and --data-value-yaml will work).

Also:
- Consider "ip6-localhost" and "ip6-loopback" to be loopback addresses
  for the validation
- Remove unused env.SupervisorHTTPAddress var
- Deprecate the `service_http_*` values in values.yaml by renaming them
  and causing a ytt render error when the old names are used
2022-03-28 17:03:23 -07:00
Monis Khan
57fb085bef
Add Workspace ONE Access docs
Signed-off-by: Monis Khan <mok@vmware.com>
2022-03-24 20:17:54 -04:00
Ryan Richard
8d12c1b674 HTTP listener: default disabled and may only bind to loopback interfaces 2022-03-24 15:46:10 -07:00
Margo Crawford
b8bdfa1b9a Update docs to reference the latest k8s codegen version
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-03-03 10:36:42 -08:00
Mo Khan
c4ae5cfebb
Merge pull request #1003 from enj/enj/d/dex_password
Update dex docs regarding password grant
2022-02-15 15:45:54 -05:00
Monis Khan
a21a5bca1e
Update dex docs regarding password grant
Signed-off-by: Monis Khan <mok@vmware.com>
2022-02-13 12:48:20 -05:00
Ryan Richard
e57a1a7891 Overwrite the old Supervisor+Concierge tutorial with the new one
And make it easier for web site readers to find by adding prominent
links to it from several places.
2022-02-11 17:03:13 -08:00
Margo Crawford
726e88ea03 When instructing users how to install the concierge with kubectl apply,
reccommend using install-pinniped-concierge-crds.yaml, then
install-pinniped-concierge-resources.yaml.

Previously we recommended install-pinniped-concierge-crds (a subset),
then install-pinniped-concierge (everything concierge related, including
the crds). This works fine for install, but not uninstall. Instead we
should use a separate yaml file that contains everything in
install-pinniped-concierge but *not* in install-pinniped-concierge-crds.

We have been generating this file in CI since a5ced4286b6febc7474b7adee34eeb1b62ec82b7
but we haven't released since then so we haven't been able to recommend
its use.
2022-01-21 10:26:45 -08:00
Monis Khan
1e1789f6d1
Allow configuration of supervisor endpoints
This change allows configuration of the http and https listeners
used by the supervisor.

TCP (IPv4 and IPv6 with any interface and port) and Unix domain
socket based listeners are supported.  Listeners may also be
disabled.

Binding the http listener to TCP addresses other than 127.0.0.1 or
::1 is deprecated.

The deployment now uses https health checks.  The supervisor is
always able to complete a TLS connection with the use of a bootstrap
certificate that is signed by an in-memory certificate authority.

To support sidecar containers used by service meshes, Unix domain
socket based listeners include ACLs that allow writes to the socket
file from any runAsUser specified in the pod's containers.

Signed-off-by: Monis Khan <mok@vmware.com>
2022-01-18 17:43:45 -05:00
Ryan Richard
dec43289f6 Lots of small updates based on PR feedback 2021-10-20 15:53:25 -07:00
Ryan Richard
d3ade82f3f Update docs 2021-10-19 09:48:40 -07:00
Ryan Richard
ddb23bd2ed Add upstream refresh related config to OIDCIdentityProvider CRD
Also update related docs.
2021-10-14 15:49:44 -07:00
Ryan Richard
883007aa1b
Merge pull request #756 from vmware-tanzu/ad-identity-provider-docs
Document how to configure the ActiveDirectoryIdentityProvider
2021-08-31 10:48:25 -07:00
Ryan Richard
86bfd4f5e4 Number each install step using "1." 2021-08-25 16:37:36 -07:00
Ryan Richard
399737e7c6 Install docs use more GitOps-friendly style 2021-08-25 14:33:48 -07:00
Margo Crawford
cec3c2133a Update with new default values 2021-08-19 16:27:43 -07:00
Ryan Richard
42d31a7085 Update login.md doc to mention OIDC CLI-based flow 2021-08-19 09:59:47 -07:00
Matt Moyer
c3e037b24e
Fix a broken link in .../docs/howto/configure-supervisor.md.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-07-29 09:56:00 -05:00
Matt Moyer
62afb34877
Fix command typo and expand description of values.yaml a bit.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-07-29 08:45:19 -05:00
Matt Moyer
fd5ed2e5da
Rework "install" sections of our docs.
- Remove all the "latest" links and replace them with our new shortcode so they point at the latest release in a more explicit way.
  This also eliminates one of the sections in our Concierge and Supervisor install guides, since you're always installing a specific version.

- Provide instructions for installing with both kapp (one step) and kubectl (two steps for the Concierge).

- Minor wording changes. Mainly we are now a bit less verbose about reminding people they can choose a different version (once per page instead of in each step).

- When we give an example `kapp deploy` command, don't suggest `--yes` and `--diff-changes`.
  Users can still use these but it seems overly verbose for an example command.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-07-29 08:45:19 -05:00
Matt Moyer
ca82609d1a
Create a site parameter and shortcode for "latestversion".
This gives us a single line of YAML to edit when we want to bump our docs to the latest version number.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-07-29 08:45:18 -05:00
Margo Crawford
a6dc5b912f Document how to configure the ActiveDirectoryIdentityProvider 2021-07-28 14:35:29 -07:00
Ryan Richard
f4829178b3 Use sentence case for headers in docs
Following some common developer style guides such as
Google
https://developers.google.com/style/capitalization#capitalization-in-titles-and-headings
and Microsoft
https://docs.microsoft.com/en-us/style-guide/scannable-content/headings#formatting-headings
2021-07-26 17:18:44 -07:00
Ryan Richard
e30cf6e51a
Merge branch 'main' into cli_username_password_env_vars 2021-07-22 09:29:03 -07:00
Ryan Richard
64aba7e703 Add new howto guide login.md 2021-07-21 12:10:47 -07:00
Radoslav Dimitrov
f6273b0604 Update the Prerequisites section and add a note about the groups scope
Add Dex to the prerequisites and add a note that to query for the groups
scope the user must set the organizations Dex should search against.
Otherwise the groups claim would be empty. This is because of the format
group claims are represented, i.e. "org:team".

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>
2021-07-20 13:49:45 +03:00
Radoslav Dimitrov
0bdd1bc68f Add documentation for configuring Supervisor with Dex and Github
The following guide describes the process of configuring Supervisor
with Dex and identify users through their Github account. Issue #415

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>
2021-07-19 16:00:43 +03:00
Ryan Richard
11eb18d348 ytt install docs suggest that you checkout the release tag
Previously, the ytt install docs suggested that you use ytt templates
from the HEAD of main with the container image from the latest public
release, which could result in a mismatch.
2021-07-14 10:59:51 -07:00