djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ContainerImage.Pinniped/deploy/concierge
History
Ryan Richard 0b300cbe42 Use TokenCredentialRequest instead of base64 token with impersonator 
To make an impersonation request, first make a TokenCredentialRequest
to get a certificate. That cert will either be issued by the Kube
API server's CA or by a new CA specific to the impersonator. Either
way, you can then make a request to the impersonator and present
that client cert for auth and the impersonator will accept it and
make the impesonation call on your behalf.

The impersonator http handler now borrows some Kube library code
to handle request processing. This will allow us to more closely
mimic the behavior of a real API server, e.g. the client cert
auth will work exactly like the real API server.

Signed-off-by: Monis Khan <mok@vmware.com>
 		2021-03-10 10:30:06 -08:00
..
README.md Restructure docs into new layout. 2021-02-23 11:11:07 -06:00
authentication.concierge.pinniped.dev_jwtauthenticators.yaml Generated 2021-02-10 21:52:09 -05:00
authentication.concierge.pinniped.dev_webhookauthenticators.yaml Generated 2021-02-10 21:52:09 -05:00
config.concierge.pinniped.dev_credentialissuers.yaml Add new allowed values to field validations on CredentialIssuer 2021-03-03 12:53:41 -08:00
deployment.yaml Use TokenCredentialRequest instead of base64 token with impersonator 2021-03-10 10:30:06 -08:00
helpers.lib.yaml deploy: wire API group suffix through YTT templates 2021-01-19 17:23:06 -05:00
rbac.yaml Merge remote-tracking branch 'upstream/main' into impersonation-proxy 2021-02-23 12:10:52 -05:00
values.yaml deploy: wire API group suffix through YTT templates 2021-01-19 17:23:06 -05:00
z0_crd_overlay.yaml deploy: wire API group suffix through YTT templates 2021-01-19 17:23:06 -05:00

README.md

Pinniped Concierge Deployment

See the how-to guide for details.