Pinniped is the easy, secure way to log in to your Kubernetes clusters.
Go to file
Andrew Keesler 38e26d7a49
test/library: use client-go anonymous rest config helper
I saw this helper function the other day and wondered if we could use it.
It does indeed look like it does what we want, because when I run this code,
I get `...User "system:anonymous" cannot get resource...`.

  c := library.NewAnonymousPinnipedClientset(t)
  _, err := c.
    ConfigV1alpha1().
    CredentialIssuerConfigs("integration").
    Get(context.Background(), "pinniped-config", metav1.GetOptions{})
  t.Log(err)

I also ran a similar test using this new helper in the context of
library.NewClientsetWithCertAndKey(). Seemed to get us what we want.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-28 09:22:01 -04:00
.github PR template is not working, so trying moving it up one directory 2020-09-17 16:36:33 -07:00
apis Add IdentityProvider field to TokenCredentialRequestSpec. 2020-09-22 10:03:31 -05:00
cmd internal/provider -> internal/dynamiccert 2020-09-23 08:29:35 -04:00
deploy Update documentation to use the deployment YAML files from the releases 2020-09-24 17:56:21 -07:00
deploy-local-user-authenticator Update documentation to use the deployment YAML files from the releases 2020-09-24 17:56:21 -07:00
doc Add mention of how to work around MacOS download security in demo.md 2020-09-25 12:56:45 -07:00
generated Upgrade client-go, et al from 1.19.0 to 1.19.2. 2020-09-24 09:21:10 -05:00
hack Upgrade client-go, et al from 1.19.0 to 1.19.2. 2020-09-24 09:21:10 -05:00
internal Fix expected CIC status message on non-hosted control planes 2020-09-24 17:56:55 -04:00
pkg/config Plumb through ImagePullSecrets to agent pod 2020-09-24 15:52:05 -04:00
test test/library: use client-go anonymous rest config helper 2020-09-28 09:22:01 -04:00
tools Save 2 lines by using inline-style comments for Copyright 2020-09-16 10:35:19 -04:00
.gitattributes Add .gitattributes as a hint to the GitHub diff viewer. 2020-09-15 11:44:23 -05:00
.gitignore Hello, world! 2020-07-02 17:05:59 -07:00
.golangci.yaml Add Go vanity import paths. 2020-09-18 14:56:24 -05:00
.pre-commit-config.yaml Update precommit hook config to ignore generated files and fix whitespace. 2020-08-31 16:41:22 -05:00
ADOPTERS.md Update module/package names to match GitHub org switch. 2020-09-17 12:56:54 -05:00
Dockerfile Bump golang from 1.15.1 to 1.15.2 2020-09-16 14:59:35 +00:00
go.mod Upgrade client-go, et al from 1.19.0 to 1.19.2. 2020-09-24 09:21:10 -05:00
go.sum Upgrade client-go, et al from 1.19.0 to 1.19.2. 2020-09-24 09:21:10 -05:00
LICENSE Add Apache 2.0 license. 2020-07-06 13:50:31 -05:00
MAINTAINERS.md MAINTAINERS.md: add initial draft 2020-09-15 13:14:50 -04:00
README.md Update documentation to use the deployment YAML files from the releases 2020-09-24 17:56:21 -07:00
SECURITY.md Update precommit hook config to ignore generated files and fix whitespace. 2020-08-31 16:41:22 -05:00

Pinniped Logo

Overview

Pinniped provides identity services to Kubernetes.

Pinniped allows cluster administrators to easily plug in external identity providers (IDPs) into Kubernetes clusters. This is achieved via a uniform install procedure across all types and origins of Kubernetes clusters, declarative configuration via Kubernetes APIs, enterprise-grade integrations with IDPs, and distribution-specific integration strategies.

Example Use Cases

  • Your team uses a large enterprise IDP, and has many clusters that they manage. Pinniped provides:
    • Seamless and robust integration with the IDP
    • Easy installation across clusters of any type and origin
    • A simplified login flow across all clusters
  • Your team shares a single cluster. Pinniped provides:
    • Simple configuration to integrate an IDP
    • Individual, revocable identities

Architecture

Pinniped offers credential exchange to enable a user to exchange an external IDP credential for a short-lived, cluster-specific credential. Pinniped supports various IDP types and implements different integration strategies for various Kubernetes distributions to make authentication possible.

To learn more, see doc/architecture.md.

Pinniped Architecture Sketch

Trying Pinniped

Care to kick the tires? It's easy to install and try Pinniped.

Contributions

Contributions are welcome. Before contributing, please see the contributing guide.

Reporting Security Vulnerabilities

Please follow the procedure described in SECURITY.md.

License

Pinniped is open source and licensed under Apache License Version 2.0. See LICENSE.

Copyright 2020 the Pinniped contributors. All Rights Reserved.