Commit Graph

744 Commits

Author SHA1 Message Date
Andrew Keesler
f806768039
Merge pull request #196 from ankeesler/ytt-logging
Add YTT template value for log level
2020-11-11 09:29:24 -05:00
Andrew Keesler
83a156d72b
Enable debug logging in all testing scenarios
It is really helpful to have verbose logs during test debugging.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-11-11 09:01:43 -05:00
Andrew Keesler
724c0d3eb0
Add YTT template value for setting log level
This is helpful for us, amongst other users, because we want to enable "debug"
logging whenever we deploy components for testing.

See a5643e3 for addition of log level.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-11-11 09:01:38 -05:00
Matt Moyer
5b8e0c4d99
Merge pull request #195 from mattmoyer/fix-links
Fix some links on the community page.
2020-11-10 17:22:37 -06:00
Matt Moyer
b2b8d5457d
Fix some links on the community page.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-11-10 17:19:30 -06:00
Matt Moyer
16ef0b2d41
Merge pull request #194 from jonasrosland/website-fixes
Minor website fixes and adding netlify configs
2020-11-10 16:24:51 -06:00
jonasrosland
d097de7fdf Minor website fixes and adding netlify configs
Signed-off-by: jonasrosland <jrosland@vmware.com>
2020-11-10 16:03:07 -05:00
Matt Moyer
101394c714
Merge pull request #188 from smalltalk-ai/main
Hugo version of Pinniped site
2020-11-10 14:51:45 -06:00
Matt Moyer
06df825dab
Merge pull request #193 from mattmoyer/add-extra-sites
Add Netlify configs for extra redirect domains.
2020-11-10 14:03:37 -06:00
Matt Moyer
f7efc360a0
Add Netlify configs for extra redirect domains.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-11-10 13:58:31 -06:00
Amy Manion
ad74f259de Content updates
-remove extra blog posts
-remove extra images
-replace Andrew’s picture
2020-11-10 13:39:13 -05:00
Ryan Richard
01941d6b2a Run Tilt containers as root because live-reload breaks otherwise 2020-11-10 09:27:44 -08:00
Mo Khan
9bfcaa33c6
Merge pull request #190 from enj/enj/f/klog_levels
Add log level support
2020-11-10 12:14:02 -05:00
Monis Khan
1c60e09f13
Make race detector happy by removing parallelism
Signed-off-by: Monis Khan <mok@vmware.com>
2020-11-10 11:23:42 -05:00
Monis Khan
15a5332428
Reduce log spam
Signed-off-by: Monis Khan <mok@vmware.com>
2020-11-10 10:22:27 -05:00
Monis Khan
a5643e3738
Add log level support
Signed-off-by: Monis Khan <mok@vmware.com>
2020-11-10 10:22:27 -05:00
Monis Khan
9356f64c55
Remove global klog --log-flush-frequency flag
Signed-off-by: Monis Khan <mok@vmware.com>
2020-11-10 08:48:42 -05:00
Adam Powell
896e1b45f0 Hugo version of Pinniped site 2020-11-06 12:42:57 -10:00
Andrew Keesler
3bc13517b2
prepare-for-integration-tests.sh: add check for chromedriver
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-11-04 15:53:32 -08:00
Matt Moyer
8684f8f628
Merge pull request #139 from enj/enj/i/use_parent_func
Use parent func to indicate when the controller queue is a singleton
2020-11-04 14:21:50 -06:00
Matt Moyer
4da3d93f6e
The supervisor JWKS observer and TLS cert controllers use the ctx after all, whoops.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-11-04 13:08:50 -06:00
Monis Khan
418f4d20ae
Use parent func to indicate when the controller queue is a singleton
This prevents unnecessary sync loop runs when the controller is
running with a single worker.  When the controller is running with
more than one worker, it prevents subtle bugs that can cause the
controller to go "back in time."

Signed-off-by: Monis Khan <mok@vmware.com>
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-11-04 11:08:10 -06:00
Andrew Keesler
e7a817e67a
Merge pull request #186 from ankeesler/bump-jose
gopkg.in/square/go-jose.v2: v2.2.2 -> v2.5.1
2020-11-04 10:14:32 -05:00
Andrew Keesler
0bbf55e46f
gopkg.in/square/go-jose.v2: v2.2.2 -> v2.5.1
We were behind for some reason. Probably makes sense to bump to
latest version to get bug fixes and such.
2020-11-04 09:55:18 -05:00
Andrew Keesler
0d8477ea8a Add a type for in-memory caching of upstream OIDC Identity Providers
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-11-03 12:06:07 -08:00
Ryan Richard
1223cf7877
Merge pull request #154 from vmware-tanzu/change_release_static_yaml_names
Rename static yaml files in release process
2020-11-02 17:09:11 -08:00
Ryan Richard
036845deee
Merge pull request #184 from vmware-tanzu/bump_golang_and_slim
Upgrade golang patch release to 1.15.3 and debian 10.5-slim -> 10.6-slim
2020-11-02 17:08:48 -08:00
Matt Moyer
c451604816
Merge pull request #182 from mattmoyer/more-renames
Rename more APIs before we cut a release with longer-term API compatibility
2020-11-02 18:34:26 -06:00
Ryan Richard
05cf56a0fa
Merge pull request #180 from vmware-tanzu/limits
Add CPU/memory limits to our deployments
2020-11-02 16:22:37 -08:00
Ryan Richard
5a0e7fd358 Upgrade golang patch release to 1.15.3 and debian 10.5-slim -> 10.6-slim 2020-11-02 16:17:15 -08:00
Matt Moyer
2bf5c8b48b
Replace the OIDCProvider field SNICertificateSecretName with a TLS.SecretName field.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-11-02 18:15:03 -06:00
Ryan Richard
05233963fb Add CPU requests and limits to the Concierge and Supervisor deployments 2020-11-02 15:47:20 -08:00
Matt Moyer
2b8773aa54
Rename OIDCProviderConfig to OIDCProvider.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-11-02 17:40:39 -06:00
Matt Moyer
59263ea733
Rename CredentialIssuerConfig to CredentialIssuer.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-11-02 17:39:42 -06:00
Matt Moyer
b13a8075e4
Merge pull request #183 from vmware-tanzu/non-root
Run as non-root
2020-11-02 17:39:14 -06:00
Ryan Richard
d596f8c3e5 Empty commit to trigger CI 2020-11-02 15:18:39 -08:00
Ryan Richard
75c35e74cc Refactor and add unit tests for previous commit to run agent pod as root 2020-11-02 15:03:37 -08:00
Matt Moyer
e4f4cd7ca0
Merge pull request #181 from mattmoyer/add-psp-cluster-role-permission
Give the concierge access to use any PodSecurityPolicy.
2020-11-02 15:35:56 -06:00
Ryan Richard
a01921012d
kubecertagent: explicitly run as root
We need root here because the files that this pod reads are
most likely restricted to root access.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-11-02 16:33:46 -05:00
Ryan Richard
2e50e8f01b
hack/lib/tilt: run Tilt images with non-root user
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-11-02 16:32:50 -05:00
Matt Moyer
935577f8e7
Give the concierge access to use any PodSecurityPolicy.
This is needed on clusters with PodSecurityPolicy enabled by default, but should be harmless in other cases.

This is generally needed because a restrictive PodSecurityPolicy will usually otherwise prevent the `hostPath` volume mount needed by the dynamically-created cert agent pod.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-11-02 15:10:00 -06:00
Ryan Richard
781f86d18c
deploy: add memory limits
This is the beginning of a change to add cpu/memory limits to our pods.
We are doing this because some consumers require this, and it is generally
a good practice.

The limits == requests for "Guaranteed" QoS.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-11-02 14:57:39 -05:00
Andrew Keesler
fcea48c8f9
Run as non-root
I tried to follow a principle of encapsulation here - we can still default to
peeps making connections to 80/443 on a Service object, but internally we will
use 8080/8443.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-11-02 12:51:15 -05:00
Andrew Keesler
7639d5e161
Merge pull request #178 from ankeesler/test-cleanup
test/integration: protect from NPE and follow doc conventions
2020-11-02 12:22:34 -05:00
Ryan Richard
ab5c04b1f3
Merge pull request #176 from vmware-tanzu/agent_pod_additional_label_handling
Handle custom labels better in the agent pod controllers
2020-11-02 09:08:42 -08:00
Andrew Keesler
fb3c5749e8
test/integration: protect from NPE and follow doc conventions
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-11-02 11:51:02 -05:00
Ryan Richard
7597b12a51 Small unit test changes for deleter_test.go 2020-11-02 08:40:39 -08:00
Matt Moyer
5bbfc35d27
Merge pull request #175 from mattmoyer/split-config-apis
Split the config CRDs into two API groups.
2020-10-30 19:42:03 -05:00
Ryan Richard
f76b9857da Don't use custom labels when selecting an agent pod
And delete the agent pod when it needs its custom labels to be
updated, so that the creator controller will notice that it is missing
and immediately create it with the new custom labels.
2020-10-30 17:41:17 -07:00
Matt Moyer
9e1922f1ed
Split the config CRDs into two API groups.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-30 19:22:46 -05:00