djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ContainerImage.Pinniped/internal
History
Matt Moyer 657488fe90
Create CredentialIssuer at install, not runtime. 
Previously, our controllers would automatically create a CredentialIssuer with a singleton name. The helpers we had for this also used "raw" client access and did not take advantage of the informer cache pattern.

With this change, the CredentialIssuer is always created at install time in the ytt YAML. The controllers now only update the existing CredentialIssuer status, and they do so using the informer cache as much as possible.

This change is targeted at only the kubecertagent controller to start. The impersonatorconfig controller will be updated in a following PR along with other changes.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 		2021-05-19 17:15:25 -05:00
..
apiserviceref Use API service as owner ref for cluster scoped resources 2021-02-10 21:52:08 -05:00
authenticators More LDAP WIP: started controller and LDAP server connection code 2021-04-09 18:49:43 -07:00
certauthority dynamiccert: split into serving cert and CA providers 2021-03-15 12:24:07 -04:00
clusterhost Introduce clusterhost package to determine whether a cluster has control plane nodes 2021-02-09 11:16:01 -08:00
concierge impersonator: add support for service account token authentication 2021-04-29 17:30:35 -04:00
config Missed a usage of int64Ptr in previous commit 2021-05-12 14:00:26 -07:00
constable Save 2 lines by using inline-style comments for Copyright 2020-09-16 10:35:19 -04:00
controller Create CredentialIssuer at install, not runtime. 2021-05-19 17:15:25 -05:00
controllerlib Allow multiple Pinnipeds to work on same cluster 2021-02-02 15:18:41 -08:00
controllermanager Create CredentialIssuer at install, not runtime. 2021-05-19 17:15:25 -05:00
crud Supervisor storage garbage collection controller enabled in production 2020-12-11 15:21:34 -08:00
deploymentref Use API service as owner ref for cluster scoped resources 2021-02-10 21:52:08 -05:00
downward internal/downward: add support for (optional) pod name 2020-12-11 11:49:27 -05:00
dynamiccert dynamiccert: unit test with DynamicServingCertificateController 2021-03-15 17:23:37 -04:00
execcredcache Add CLI caching of cluster-specific credentials. 2021-04-08 14:12:34 -05:00
fositestorage Update ExpectedAuthorizeCodeSessionJSONFromFuzzing. 2020-12-17 16:31:08 -06:00
fositestoragei More adjustments based on PR feedback 2021-04-27 16:54:26 -07:00
groupsuffix Add WhoAmIRequest Aggregated Virtual REST API 2021-02-22 20:02:41 -05:00
here Save 2 lines by using inline-style comments for Copyright 2020-09-16 10:35:19 -04:00
httputil impersonator: test UID impersonation and header canonicalization 2021-03-16 13:00:51 -04:00
issuer dynamiccert: split into serving cert and CA providers 2021-03-15 12:24:07 -04:00
kubeclient internal/kubeclient: match plog level with klog level 2021-04-21 16:25:08 -04:00
mocks ldap: add initial stub upstream LDAP connection package 2021-04-09 11:38:53 -04:00
oidc Merge branch 'main' into initial_ldap 2021-05-13 14:24:10 -07:00
ownerref internal/groupsuffix: mutate TokenCredentialRequest's Authenticator 2021-02-10 15:53:44 -05:00
plog WIP on new plog 2021-04-21 09:02:45 -07:00
registry cred req: disallow lossy user info translations 2021-05-17 19:03:44 -04:00
secret All controller unit tests should not cancel context until test is over 2021-03-04 17:26:01 -08:00
testutil WIP: add supervisor upstream flags to `pinniped get kubeconfig` 2021-04-30 14:28:03 -07:00
upstreamldap Log slow LDAP authentication attempts for debugging purposes 2021-05-12 11:59:48 -07:00
upstreamoidc Upgrade to github.com/coreos/go-oidc v3.0.0. 2021-01-21 12:08:14 -06:00
valuelesscontext valuelesscontext: make unit tests more clear 2021-04-30 10:43:29 -04:00