af11d8cd58
Previously, when triggering a Tilt reload via a *.go file change, a reload would
take ~13 seconds and we would see this error message in the Tilt logs for each
component.
Live Update failed with unexpected error:
command terminated with exit code 2
Falling back to a full image build + deploy
Now, Tilt should reload images a lot faster (~3 seconds) since we are running
the images as root.
Note! Reloading the Concierge component still takes ~13 seconds because there
are 2 containers running in the Concierge namespace that use the Concierge
image: the main Concierge app and the kube cert agent pod. Tilt can't live
reload both of these at once, so the reload takes longer and we see this error
message.
Will not perform Live Update because:
Error retrieving container info: can only get container info for a single pod; image target image:image/concierge has 2 pods
Falling back to a full image build + deploy
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
|
||
|---|---|---|
| .github | ||
| apis | ||
| cmd | ||
| deploy | ||
| generated | ||
| hack | ||
| internal | ||
| pkg | ||
| site | ||
| test | ||
| .gitattributes | ||
| .gitignore | ||
| .golangci.yaml | ||
| .pre-commit-config.yaml | ||
| .pre-commit-hooks.yaml | ||
| ADOPTERS.md | ||
| CODE_OF_CONDUCT.md | ||
| CONTRIBUTING.md | ||
| Dockerfile | ||
| LICENSE | ||
| MAINTAINERS.md | ||
| README.md | ||
| SECURITY.md | ||
| go.mod | ||
| go.sum | ||
README.md
Overview
Pinniped provides identity services to Kubernetes.
Pinniped allows cluster administrators to easily plug in external identity providers (IDPs) into Kubernetes clusters. This is achieved via a uniform install procedure across all types and origins of Kubernetes clusters, declarative configuration via Kubernetes APIs, enterprise-grade integrations with IDPs, and distribution-specific integration strategies.
Example Use Cases
- Your team uses a large enterprise IDP, and has many clusters that they
manage. Pinniped provides:
- Seamless and robust integration with the IDP
- Easy installation across clusters of any type and origin
- A simplified login flow across all clusters
- Your team shares a single cluster. Pinniped provides:
- Simple configuration to integrate an IDP
- Individual, revocable identities
Architecture
The Pinniped Supervisor component offers identity federation to enable a user to access multiple clusters with a single daily login to their external IDP. The Pinniped Supervisor supports various external IDP types.
The Pinniped Concierge component offers credential exchange to enable a user to exchange an external credential for a short-lived, cluster-specific credential. Pinniped supports various authentication methods and implements different integration strategies for various Kubernetes distributions to make authentication possible.
The Pinniped Concierge can be configured to hook into the Pinniped Supervisor's federated credentials, or it can authenticate users directly via external IDP credentials.
To learn more, see architecture.
Trying Pinniped
Care to kick the tires? It's easy to install and try Pinniped.
Discussion
Got a question, comment, or idea? Please don't hesitate to reach out via the GitHub Discussions tab at the top of this page.
Contributions
Contributions are welcome. Before contributing, please see the contributing guide.
Reporting Security Vulnerabilities
Please follow the procedure described in SECURITY.md.
License
Pinniped is open source and licensed under Apache License Version 2.0. See LICENSE.
Copyright 2020 the Pinniped contributors. All Rights Reserved.