ContainerImage.Pinniped/hack/lib
Ryan Richard 8b7c30cfbd Supervisor listens for HTTPS on port 443 with configurable TLS certs
- TLS certificates can be configured on the OIDCProviderConfig using
  the `secretName` field.
- When listening for incoming TLS connections, choose the TLS cert
  based on the SNI hostname of the incoming request.
- Because SNI hostname information on incoming requests does not include
  the port number of the request, we add a validation that
  OIDCProviderConfigs where the issuer hostnames (not including port
  number) are the same must use the same `secretName`.
- Note that this approach does not yet support requests made to an
  IP address instead of a hostname. Also note that `localhost` is
  considered a hostname by SNI.
- Add port 443 as a container port to the pod spec.
- A new controller watches for TLS secrets and caches them in memory.
  That same in-memory cache is used while servicing incoming connections
  on the TLS port.
- Make it easy to configure both port 443 and/or port 80 for various
  Service types using our ytt templates for the supervisor.
- When deploying to kind, add another nodeport and forward it to the
  host on another port to expose our new HTTPS supervisor port to the
  host.
2020-10-26 17:03:26 -07:00
..
docs Remove deprecated "pinniped.dev" API group. 2020-09-18 17:32:15 -05:00
kind-config Supervisor listens for HTTPS on port 443 with configurable TLS certs 2020-10-26 17:03:26 -07:00
tilt Supervisor listens for HTTPS on port 443 with configurable TLS certs 2020-10-26 17:03:26 -07:00
kube-versions.txt Upgrade client-go, et al from 1.19.0 to 1.19.2. 2020-09-24 09:21:10 -05:00
update-codegen.sh Add IdentityProvider field to TokenCredentialRequestSpec. 2020-09-22 10:03:31 -05:00
verify-codegen.sh Update copyright to reference Pinniped contributors 2020-09-16 10:05:51 -04:00
version.sh Do not append "-dirty" to the version number when the git repo is dirty 2020-10-01 17:23:37 -07:00