djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,235 Commits 30 Branches 34 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Andrew Keesler 792bb98680
Revert "Temporarily disable max inflight checks for mutating requests" 
This reverts commit 4a28d1f80083fb7a46180c102e65c1e5a6f977d6.

This commit was originally made to fix a bug that caused TokenCredentialRequest
to become slow when the server was idle for an extended period of time. This was
to address a Kubernetes issue that was fixed in 1.19.5 and onward. We are now
running with Kubernetes 1.20, so we should be able to pick up this fix.
2021-01-13 11:12:09 -05:00
.github
Get rid of WIP workflow
2020-10-27 18:39:19 -04:00
apis
Rename off of main
2020-12-16 14:27:09 -08:00
cmd
Ignore lint error
2021-01-08 14:13:04 -08:00
deploy
Merge branch 'main' of github.com:vmware-tanzu/pinniped into kubernetes-1.20
2021-01-08 13:22:31 -08:00
generated
Merge branch 'main' of github.com:vmware-tanzu/pinniped into kubernetes-1.20
2021-01-08 13:22:31 -08:00
hack
Wire in new env vars for user info testing
2021-01-12 11:23:25 -05:00
internal
Revert "Temporarily disable max inflight checks for mutating requests"
2021-01-13 11:12:09 -05:00
pkg
Merge branch 'main' of github.com:vmware-tanzu/pinniped into kubernetes-1.20
2021-01-08 13:22:31 -08:00
site
Fixing documentation to reference 1.20 generated docs
2021-01-08 15:21:23 -08:00
test
Wire in new env vars for user info testing
2021-01-12 11:23:25 -05:00
.gitattributes
Add .gitattributes as a hint to the GitHub diff viewer.
2020-09-15 11:44:23 -05:00
.gitignore
Add Tilt-based local dev workflow.
2020-10-05 16:34:33 -05:00
.golangci.yaml
Linter allows range of years in copyright
2021-01-05 13:35:09 -08:00
.pre-commit-config.yaml
Got pre-commit to check for correct copyright year
2021-01-05 15:53:14 -08:00
.pre-commit-hooks.yaml
Copyright year precommit hook
2021-01-05 14:02:28 -08:00
ADOPTERS.md
Update module/package names to match GitHub org switch.
2020-09-17 12:56:54 -05:00
CODE_OF_CONDUCT.md
Rename the CoC and contributor guide to the names GitHub recognizes.
2020-10-02 15:53:48 -05:00
CONTRIBUTING.md
CONTRIBUTING.md: add missing integration test dependencies
2020-12-17 13:59:23 -05:00
Dockerfile
1.20 Changes to the update script and Dockerfile
2021-01-07 13:20:25 -08:00
go.mod
Resolving code review suggestions:
2021-01-08 10:21:59 -08:00
go.sum
Merge branch 'main' of github.com:vmware-tanzu/pinniped into kubernetes-1.20
2021-01-08 13:22:31 -08:00
LICENSE
Add Apache 2.0 license.
2020-07-06 13:50:31 -05:00
MAINTAINERS.md
Add Margo and Mo as maintainers of Pinniped
2020-12-17 13:37:20 -05:00
README.md
Fixing documentation to reference 1.20 generated docs
2021-01-08 15:21:23 -08:00
SECURITY.md
Update precommit hook config to ignore generated files and fix whitespace.
2020-08-31 16:41:22 -05:00

README.md

Pinniped Logo

Overview

Pinniped provides identity services to Kubernetes.

Pinniped allows cluster administrators to easily plug in external identity providers (IDPs) into Kubernetes clusters. This is achieved via a uniform install procedure across all types and origins of Kubernetes clusters, declarative configuration via Kubernetes APIs, enterprise-grade integrations with IDPs, and distribution-specific integration strategies.

Example Use Cases

  • Your team uses a large enterprise IDP, and has many clusters that they manage. Pinniped provides:
    • Seamless and robust integration with the IDP
    • Easy installation across clusters of any type and origin
    • A simplified login flow across all clusters
  • Your team shares a single cluster. Pinniped provides:
    • Simple configuration to integrate an IDP
    • Individual, revocable identities

Architecture

The Pinniped Supervisor component offers identity federation to enable a user to access multiple clusters with a single daily login to their external IDP. The Pinniped Supervisor supports various external IDP types.

The Pinniped Concierge component offers credential exchange to enable a user to exchange an external credential for a short-lived, cluster-specific credential. Pinniped supports various authentication methods and implements different integration strategies for various Kubernetes distributions to make authentication possible.

The Pinniped Concierge can be configured to hook into the Pinniped Supervisor's federated credentials, or it can authenticate users directly via external IDP credentials.

To learn more, see architecture.

Pinniped Architecture Sketch

Trying Pinniped

Care to kick the tires? It's easy to install and try Pinniped.

Discussion

Got a question, comment, or idea? Please don't hesitate to reach out via the GitHub Discussions tab at the top of this page.

Contributions

Contributions are welcome. Before contributing, please see the contributing guide.

Reporting Security Vulnerabilities

Please follow the procedure described in SECURITY.md.

License

Pinniped is open source and licensed under Apache License Version 2.0. See LICENSE.

Copyright 2020 the Pinniped contributors. All Rights Reserved.

Description
Pinniped is the easy, secure way to log in to your Kubernetes clusters.
active-directoryauthenticationidentityidpkubernetesldaploginoidc
Readme 22 MiB
Languages
Go 97.3%
Shell 1.3%
HTML 0.5%
SCSS 0.5%
CSS 0.2%
Other 0.1%