Ryan Richard
a2365b1cce
Remove -count 1
from unit test running in module.sh
2020-09-18 15:58:22 -07:00
Ryan Richard
80a520390b
Rename many of resources that are created in Kubernetes by Pinniped
...
New resource naming conventions:
- Do not repeat the Kind in the name,
e.g. do not call it foo-cluster-role-binding, just call it foo
- Names will generally start with a prefix to identify our component,
so when a user lists all objects of that kind, they can tell to which
component it is related,
e.g. `kubectl get configmaps` would list one named "pinniped-config"
- It should be possible for an operator to make the word "pinniped"
mostly disappear if they choose, by specifying the app_name in
values.yaml, to the extent that is practical (but not from APIService
names because those are hardcoded in golang)
- Each role/clusterrole and its corresponding binding have the same name
- Pinniped resource names that must be known by the server golang code
are passed to the code at run time via ConfigMap, rather than
hardcoded in the golang code. This also allows them to be prepended
with the app_name from values.yaml while creating the ConfigMap.
- Since the CLI `get-kubeconfig` command cannot guess the name of the
CredentialIssuerConfig resource in advance anymore, it lists all
CredentialIssuerConfig in the app's namespace and returns an error
if there is not exactly one found, and then uses that one regardless
of its name
2020-09-18 15:56:50 -07:00
Ryan Richard
24f962f1b8
Ignore a lint err in cli_test.go
2020-09-18 10:52:31 -07:00
Ryan Richard
2ecb43154b
Enhance TestCLI integration test so it can catch mistakes with env vars
...
- Also remove a log statement from a test which caused a lot of extra
output when the tests are run with `go test -v`
2020-09-18 10:27:15 -07:00
Ryan Richard
dba951fe89
Note that CLI warning can be ignored in demo.md
2020-09-18 09:24:04 -07:00
Ryan Richard
245854b85a
Update demo.md
2020-09-18 09:11:56 -07:00
Andrew Keesler
5867f3699c
Merge pull request #123 from ankeesler/kubernetes-deep-equal
...
internal/controller/issuerconfig: use Kubernetes DeepEqual
2020-09-18 07:48:57 -04:00
Ryan Richard
7d5f57f923
PR template is not working, so trying moving it up one directory
2020-09-17 16:36:33 -07:00
Ryan Richard
2d497cbd36
Update the demo; most importantly remove the base64 decoding of the CA
...
- The `webhook_ca_bundle` ytt value should be base64 encoded
2020-09-17 16:08:45 -07:00
Ryan Richard
eabe51c446
local-user-authenticator can be deployed from a private registry image
...
- Also add more comment to the values.yaml files to make the options
more clear
2020-09-17 16:07:31 -07:00
Ryan Richard
a479450940
CLI's get-kubeconfig
subcommand now also sets PINNIPED_NAMESPACE env var
2020-09-17 16:05:56 -07:00
Andrew Keesler
b523e5832c
internal/controller/issuerconfig: use Kubernetes DeepEqual
...
I learned this here:
https://github.com/kubernetes/apimachinery/issues/75#issuecomment-550150929
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-17 17:35:14 -04:00
Ryan Richard
079e07a51f
Fix mistake in ytt/kapp command in demo.md
2020-09-17 14:07:18 -07:00
Matt Moyer
025940d4f1
Merge pull request #121 from mattmoyer/switch-orgs
...
Update module/package names to match GitHub org switch.
2020-09-17 13:24:56 -05:00
Matt Moyer
8c9c1e206d
Update module/package names to match GitHub org switch.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-17 12:56:54 -05:00
Ryan Richard
4c9cbf0706
Remove mention of things not yet implemented from architecture.md
2020-09-17 09:10:35 -07:00
Matt Moyer
a70a4766d2
Merge pull request #92 from suzerain-io/dependabot/docker/golang-1.15.2
...
Bump golang from 1.15.1 to 1.15.2
2020-09-17 10:24:04 -05:00
Matt Moyer
1741f832eb
Merge pull request #114 from mattmoyer/new-token-credential-request-api
...
New "login.pinniped.dev/v1alpha1" group with TokenCredentialRequest API.
2020-09-17 10:23:22 -05:00
Matt Moyer
b3327d7522
Switch our client over to use the new TokenCredentialRequest API.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-17 09:52:23 -05:00
Matt Moyer
10793ac11f
Allow anonymous access to TokenCredentialRequests.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-17 09:52:23 -05:00
Matt Moyer
7ce760a5dd
Register a second APIService for the login.pinniped.dev.
...
This is handled by a second instance of the APIServiceUpdaterController.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-17 09:52:23 -05:00
Matt Moyer
af034befb0
Paramaterize the APIService name in apiServiceUpdaterController rather than hardcoding.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-17 09:52:23 -05:00
Matt Moyer
a8487b78c9
Add some conversions to allow our REST handler to handle both old and new credential request APIs.
...
Eventually we could refactor to remove support for the old APIs, but they are so similar that a single implementation seems to handle both easily.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-17 09:52:23 -05:00
Matt Moyer
58bf93b10c
Add a new login.pinniped.dev API group with TokenCredentialRequest.
...
This is essentially meant to be be "v1alpha2" of the existing CredentialRequest API, but since we want to move API groups we can just start over at v1alpha1.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-17 09:52:22 -05:00
Andrew Keesler
f464e03380
Generate code against 1.17.11
...
We want to be able to run kind integration tests against the same
versions that we generate code against. There is no public
kindest/node image for 1.17.9, so let's update to the next 1.17.x
version where there is an image: 1.17.11.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-17 10:35:45 -04:00
Ryan Richard
efbe3a26c1
Merge pull request #111 from suzerain-io/contributor_guide_updates
...
Contributor guide updates
2020-09-16 16:48:26 -07:00
Andrew Keesler
4f59d9286c
Update community meeting link to one which requires a host to be present
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-09-16 16:39:59 -07:00
Andrew Keesler
6c75de9334
Use public container images for codegen as as defaults when deploying
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-09-16 15:46:51 -07:00
Ryan Richard
f425eed07c
Small edits to PR template file
2020-09-16 09:06:36 -07:00
Ryan Richard
7a975d98fb
First draft of a PR template file.
2020-09-16 08:56:18 -07:00
Ryan Richard
635ecd7b1a
Merge branch 'main' into contributor_guide_updates
2020-09-16 08:32:34 -07:00
dependabot[bot]
29305777bb
Bump golang from 1.15.1 to 1.15.2
...
Bumps golang from 1.15.1 to 1.15.2.
Signed-off-by: dependabot[bot] <support@github.com>
2020-09-16 14:59:35 +00:00
Andrew Keesler
6d0b83aabf
Merge pull request #113 from ankeesler/pinniped-copyright
...
Pinniped copyright
2020-09-16 10:58:40 -04:00
Andrew Keesler
6ba712d612
Fix copyright format in hack/header.txt
2020-09-16 10:42:26 -04:00
Andrew Keesler
eab5c2b86b
Save 2 lines by using inline-style comments for Copyright
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-16 10:35:19 -04:00
Andrew Keesler
e7b389ae6c
Update copyright to reference Pinniped contributors
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-16 10:05:51 -04:00
Ryan Richard
e51e51dfd4
Add link to public Pinniped Biweekly Community Meeting agenda/notes doc
2020-09-15 18:19:20 -07:00
Ryan Richard
cd0194cb68
Contributor guide updates
2020-09-15 17:59:40 -07:00
Ryan Richard
a73f14e03d
Revert "Fake README update to test a change to the PR pipeline"
...
This reverts commit e3b8c3b611
.
2020-09-15 16:43:04 -07:00
Ryan Richard
e3b8c3b611
Fake README update to test a change to the PR pipeline
2020-09-15 16:41:39 -07:00
Ryan Richard
da9f24cf30
Merge pull request #99 from ankeesler/arch-doc
...
doc/architecture.md and new overview diagram
2020-09-15 16:20:31 -07:00
Ryan Richard
67de7f5646
Further explain the webhook API in architecture.md
2020-09-15 16:18:48 -07:00
Ryan Richard
43c69ec339
Update the architecture diagram
...
- Also update the instructions for editing the documentation images
2020-09-15 16:07:09 -07:00
Ryan Richard
014fb518bc
Change one usage of "external" back to "upstream"
2020-09-15 14:04:05 -07:00
Ryan Richard
321c6a5392
Merge remote-tracking branch 'origin/main' into arch-doc
2020-09-15 14:02:26 -07:00
Ryan Richard
db98f2810f
Merge pull request #98 from suzerain-io/get_kubeconfig_cli
...
Organize Pinniped CLI into subcommands; Add get-kubeconfig subcommand
2020-09-15 13:34:14 -07:00
Andrew Keesler
062dfa3e75
Merge pull request #100 from ankeesler/adopters-doc
...
ADOPTERS.md: add initial draft
2020-09-15 16:20:35 -04:00
Matt Moyer
1244a950e7
Merge pull request #108 from mattmoyer/cleanup-credential-request-api
...
Clean up CredentialRequest `types.go`.
2020-09-15 15:03:07 -05:00
Matt Moyer
8df910361c
Clean up CredentialRequest types.go
.
...
Mostly cleaned up and added doc strings, but also removed unneeded protobuf tags.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 14:30:12 -05:00
Matt Moyer
37da441e96
Merge pull request #107 from mattmoyer/tidy-go-modules
...
Tidy go.mod/go.sum.
2020-09-15 14:29:39 -05:00