ContainerImage.Pinniped/internal
Ryan Richard a2ecd05240 Impersonator config controller writes CA cert & key to different Secret
- The CA cert will end up in the end user's kubeconfig on their client
  machine, so if it changes they would need to fetch the new one and
  update their kubeconfig. Therefore, we should avoid changing it as
  much as possible.
- Now the controller writes the CA to a different Secret. It writes both
  the cert and the key so it can reuse them to create more TLS
  certificates in the future.
- For now, it only needs to make more TLS certificates if the old
  TLS cert Secret gets deleted or updated to be invalid. This allows
  for manual rotation of the TLS certs by simply deleting the Secret.
  In the future, we may want to implement some kind of auto rotation.
- For now, rotation of both the CA and TLS certs will also happen if
  you manually delete the CA Secret. However, this would cause the end
  users to immediately need to get the new CA into their kubeconfig,
  so this is not as elegant as a normal rotation flow where you would
  have a window of time where you have more than one CA.
2021-03-01 17:02:08 -08:00
apiserviceref Use API service as owner ref for cluster scoped resources 2021-02-10 21:52:08 -05:00
certauthority Impersonator config controller writes CA cert & key to different Secret 2021-03-01 17:02:08 -08:00
clusterhost Introduce clusterhost package to determine whether a cluster has control plane nodes 2021-02-09 11:16:01 -08:00
concierge Updated test assertions for new logger version 2021-02-25 15:18:36 -08:00
config Add WhoAmIRequest Aggregated Virtual REST API 2021-02-22 20:02:41 -05:00
constable Save 2 lines by using inline-style comments for Copyright 2020-09-16 10:35:19 -04:00
controller Impersonator config controller writes CA cert & key to different Secret 2021-03-01 17:02:08 -08:00
controllerlib Allow multiple Pinnipeds to work on same cluster 2021-02-02 15:18:41 -08:00
controllermanager Impersonator config controller writes CA cert & key to different Secret 2021-03-01 17:02:08 -08:00
crud Supervisor storage garbage collection controller enabled in production 2020-12-11 15:21:34 -08:00
deploymentref Use API service as owner ref for cluster scoped resources 2021-02-10 21:52:08 -05:00
downward internal/downward: add support for (optional) pod name 2020-12-11 11:49:27 -05:00
dynamiccert internal/provider -> internal/dynamiccert 2020-09-23 08:29:35 -04:00
fositestorage Update ExpectedAuthorizeCodeSessionJSONFromFuzzing. 2020-12-17 16:31:08 -06:00
groupsuffix Add WhoAmIRequest Aggregated Virtual REST API 2021-02-22 20:02:41 -05:00
here Save 2 lines by using inline-style comments for Copyright 2020-09-16 10:35:19 -04:00
httputil Simplify securityheader package by merging header fields. 2020-12-16 12:41:05 -06:00
kubeclient Add WhoAmIRequest Aggregated Virtual REST API 2021-02-22 20:02:41 -05:00
mocks Use new 'go.pinniped.dev/generated/latest' package. 2021-02-16 13:00:08 -06:00
oidc Add some trivial unit tests to internal/oidc/csrftoken. 2021-02-02 09:38:17 -06:00
ownerref internal/groupsuffix: mutate TokenCredentialRequest's Authenticator 2021-02-10 15:53:44 -05:00
plog internal/plog: add KObj() and KRef() 2021-02-10 14:25:39 -05:00
registry Add WhoAmIRequest Aggregated Virtual REST API 2021-02-22 20:02:41 -05:00
secret Rename off of main 2020-12-16 14:27:09 -08:00
testutil Merge remote-tracking branch 'upstream/main' into impersonation-proxy 2021-02-23 12:10:52 -05:00
upstreamoidc Upgrade to github.com/coreos/go-oidc v3.0.0. 2021-01-21 12:08:14 -06:00