djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Pinniped is the easy, secure way to log in to your Kubernetes clusters.
1,244 Commits 30 Branches 34 Tags 22 MiB
Go 97.3%
Shell 1.3%
HTML 0.5%
SCSS 0.5%
CSS 0.2%
Other 0.1%
af11d8cd58
Go to file
Andrew Keesler af11d8cd58
Run Tilt images as root for faster reload 
Previously, when triggering a Tilt reload via a *.go file change, a reload would
take ~13 seconds and we would see this error message in the Tilt logs for each
component.

  Live Update failed with unexpected error:
    command terminated with exit code 2
  Falling back to a full image build + deploy

Now, Tilt should reload images a lot faster (~3 seconds) since we are running
the images as root.

Note! Reloading the Concierge component still takes ~13 seconds because there
are 2 containers running in the Concierge namespace that use the Concierge
image: the main Concierge app and the kube cert agent pod. Tilt can't live
reload both of these at once, so the reload takes longer and we see this error
message.

  Will not perform Live Update because:
    Error retrieving container info: can only get container info for a single pod; image target image:image/concierge has 2 pods
  Falling back to a full image build + deploy

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-01-15 11:34:53 -05:00
.github Update feature proposal template to work for users and contributors 2020-10-15 17:01:24 -04:00
apis Rename off of main 2020-12-16 14:27:09 -08:00
cmd Ignore lint error 2021-01-08 14:13:04 -08:00
deploy Run Tilt images as root for faster reload 2021-01-15 11:34:53 -05:00
generated Merge branch 'main' of github.com:vmware-tanzu/pinniped into kubernetes-1.20 2021-01-08 13:22:31 -08:00
hack Run Tilt images as root for faster reload 2021-01-15 11:34:53 -05:00
internal PR feedback-- omit empty groups, keep groups as nil until last minute 2021-01-14 15:11:00 -08:00
pkg Merge branch 'main' of github.com:vmware-tanzu/pinniped into kubernetes-1.20 2021-01-08 13:22:31 -08:00
site Fixing documentation to reference 1.20 generated docs 2021-01-08 15:21:23 -08:00
test Fix an issue in TestE2EFullIntegration groups assertions. 2021-01-14 21:06:02 -06:00
.gitattributes Add .gitattributes as a hint to the GitHub diff viewer. 2020-09-15 11:44:23 -05:00
.gitignore Add Tilt-based local dev workflow. 2020-10-05 16:34:33 -05:00
.golangci.yaml Linter allows range of years in copyright 2021-01-05 13:35:09 -08:00
.pre-commit-config.yaml Got pre-commit to check for correct copyright year 2021-01-05 15:53:14 -08:00
.pre-commit-hooks.yaml Copyright year precommit hook 2021-01-05 14:02:28 -08:00
ADOPTERS.md Update module/package names to match GitHub org switch. 2020-09-17 12:56:54 -05:00
CODE_OF_CONDUCT.md Rename the CoC and contributor guide to the names GitHub recognizes. 2020-10-02 15:53:48 -05:00
CONTRIBUTING.md CONTRIBUTING.md: add missing integration test dependencies 2020-12-17 13:59:23 -05:00
Dockerfile 1.20 Changes to the update script and Dockerfile 2021-01-07 13:20:25 -08:00
go.mod Resolving code review suggestions: 2021-01-08 10:21:59 -08:00
go.sum Merge branch 'main' of github.com:vmware-tanzu/pinniped into kubernetes-1.20 2021-01-08 13:22:31 -08:00
LICENSE Add Apache 2.0 license. 2020-07-06 13:50:31 -05:00
MAINTAINERS.md Add Margo and Mo as maintainers of Pinniped 2020-12-17 13:37:20 -05:00
README.md Fixing documentation to reference 1.20 generated docs 2021-01-08 15:21:23 -08:00
SECURITY.md Update precommit hook config to ignore generated files and fix whitespace. 2020-08-31 16:41:22 -05:00

README.md

Pinniped Logo

Overview

Pinniped provides identity services to Kubernetes.

Pinniped allows cluster administrators to easily plug in external identity providers (IDPs) into Kubernetes clusters. This is achieved via a uniform install procedure across all types and origins of Kubernetes clusters, declarative configuration via Kubernetes APIs, enterprise-grade integrations with IDPs, and distribution-specific integration strategies.

Example Use Cases

  • Your team uses a large enterprise IDP, and has many clusters that they manage. Pinniped provides:
    • Seamless and robust integration with the IDP
    • Easy installation across clusters of any type and origin
    • A simplified login flow across all clusters
  • Your team shares a single cluster. Pinniped provides:
    • Simple configuration to integrate an IDP
    • Individual, revocable identities

Architecture

The Pinniped Supervisor component offers identity federation to enable a user to access multiple clusters with a single daily login to their external IDP. The Pinniped Supervisor supports various external IDP types.

The Pinniped Concierge component offers credential exchange to enable a user to exchange an external credential for a short-lived, cluster-specific credential. Pinniped supports various authentication methods and implements different integration strategies for various Kubernetes distributions to make authentication possible.

The Pinniped Concierge can be configured to hook into the Pinniped Supervisor's federated credentials, or it can authenticate users directly via external IDP credentials.

To learn more, see architecture.

Pinniped Architecture Sketch

Trying Pinniped

Care to kick the tires? It's easy to install and try Pinniped.

Discussion

Got a question, comment, or idea? Please don't hesitate to reach out via the GitHub Discussions tab at the top of this page.

Contributions

Contributions are welcome. Before contributing, please see the contributing guide.

Reporting Security Vulnerabilities

Please follow the procedure described in SECURITY.md.

License

Pinniped is open source and licensed under Apache License Version 2.0. See LICENSE.

Copyright 2020 the Pinniped contributors. All Rights Reserved.