djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
045c427317
ContainerImage.Pinniped/test/integration
History
Ryan Richard a2ecd05240 Impersonator config controller writes CA cert & key to different Secret 
- The CA cert will end up in the end user's kubeconfig on their client
  machine, so if it changes they would need to fetch the new one and
  update their kubeconfig. Therefore, we should avoid changing it as
  much as possible.
- Now the controller writes the CA to a different Secret. It writes both
  the cert and the key so it can reuse them to create more TLS
  certificates in the future.
- For now, it only needs to make more TLS certificates if the old
  TLS cert Secret gets deleted or updated to be invalid. This allows
  for manual rotation of the TLS certs by simply deleting the Secret.
  In the future, we may want to implement some kind of auto rotation.
- For now, rotation of both the CA and TLS certs will also happen if
  you manually delete the CA Secret. However, this would cause the end
  users to immediately need to get the new CA into their kubeconfig,
  so this is not as elegant as a normal rotation flow where you would
  have a window of time where you have more than one CA.
2021-03-01 17:02:08 -08:00
..
category_test.go Add WhoAmIRequest Aggregated Virtual REST API 2021-02-22 20:02:41 -05:00
cli_test.go Declare war on namespaces 2021-02-10 21:52:07 -05:00
concierge_api_serving_certs_test.go Use new 'go.pinniped.dev/generated/latest' package. 2021-02-16 13:00:08 -06:00
concierge_availability_test.go Allow multiple Pinnipeds to work on same cluster 2021-02-02 15:18:41 -08:00
concierge_client_test.go Declare war on namespaces 2021-02-10 21:52:07 -05:00
concierge_credentialissuerconfig_test.go Use new 'go.pinniped.dev/generated/latest' package. 2021-02-16 13:00:08 -06:00
concierge_credentialrequest_test.go Use new 'go.pinniped.dev/generated/latest' package. 2021-02-16 13:00:08 -06:00
concierge_impersonation_proxy_test.go Impersonator config controller writes CA cert & key to different Secret 2021-03-01 17:02:08 -08:00
concierge_kubecertagent_test.go test/integration: make TestKubeCertAgent more stable 2021-02-10 12:08:34 -05:00
concierge_kubectl_test.go Rename pinniped-server -> pinniped-concierge 2020-10-06 14:59:03 -04:00
e2e_test.go Merge remote-tracking branch 'upstream/main' into impersonation-proxy 2021-02-23 12:10:52 -05:00
kube_api_discovery_test.go Add WhoAmIRequest Aggregated Virtual REST API 2021-02-22 20:02:41 -05:00
kubeclient_test.go concierge_impersonation_proxy_test.go: Test all the verbs 2021-02-23 10:38:32 -08:00
supervisor_discovery_test.go Use new 'go.pinniped.dev/generated/latest' package. 2021-02-16 13:00:08 -06:00
supervisor_healthz_test.go test/integration: ensure no pods restart during integration tests 2021-02-04 10:24:33 -05:00
supervisor_login_test.go Use new 'go.pinniped.dev/generated/latest' package. 2021-02-16 13:00:08 -06:00
supervisor_secrets_test.go Use new 'go.pinniped.dev/generated/latest' package. 2021-02-16 13:00:08 -06:00
supervisor_storage_garbage_collection_test.go Allow multiple Pinnipeds to work on same cluster 2021-02-02 15:18:41 -08:00
supervisor_storage_test.go Allow multiple Pinnipeds to work on same cluster 2021-02-02 15:18:41 -08:00
supervisor_upstream_test.go Use new 'go.pinniped.dev/generated/latest' package. 2021-02-16 13:00:08 -06:00
whoami_test.go TestWhoAmI: support older clusters (CSR and impersonation) 2021-02-23 10:15:17 -05:00