Andrew Keesler e05213f9dd
supervisor-generate-key: use EC keys intead of RSA
EC keys are smaller and take less time to generate. Our integration
tests were super flakey because generating an RSA key would take up to
10 seconds *gasp*. The main token verifier that we care about is
Kubernetes, which supports P256, so hopefully it won't be that much of
an issue that our default signing key type is EC. The OIDC spec seems
kinda squirmy when it comes to using non-RSA signing algorithms...

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-15 11:33:08 -04:00
2020-10-05 15:51:53 -05:00
2020-10-15 09:19:00 -04:00
2020-10-05 16:34:33 -05:00
2020-09-18 14:56:24 -05:00
2020-07-06 13:50:31 -05:00

Pinniped Logo

Overview

Pinniped provides identity services to Kubernetes.

Pinniped allows cluster administrators to easily plug in external identity providers (IDPs) into Kubernetes clusters. This is achieved via a uniform install procedure across all types and origins of Kubernetes clusters, declarative configuration via Kubernetes APIs, enterprise-grade integrations with IDPs, and distribution-specific integration strategies.

Example Use Cases

  • Your team uses a large enterprise IDP, and has many clusters that they manage. Pinniped provides:
    • Seamless and robust integration with the IDP
    • Easy installation across clusters of any type and origin
    • A simplified login flow across all clusters
  • Your team shares a single cluster. Pinniped provides:
    • Simple configuration to integrate an IDP
    • Individual, revocable identities

Architecture

Pinniped offers credential exchange to enable a user to exchange an external IDP credential for a short-lived, cluster-specific credential. Pinniped supports various IDP types and implements different integration strategies for various Kubernetes distributions to make authentication possible.

To learn more, see doc/architecture.md.

Pinniped Architecture Sketch

Trying Pinniped

Care to kick the tires? It's easy to install and try Pinniped.

Discussion

Got a question, comment, or idea? Please don't hesitate to reach out via the GitHub Discussions tab at the top of this page.

Contributions

Contributions are welcome. Before contributing, please see the contributing guide.

Reporting Security Vulnerabilities

Please follow the procedure described in SECURITY.md.

License

Pinniped is open source and licensed under Apache License Version 2.0. See LICENSE.

Copyright 2020 the Pinniped contributors. All Rights Reserved.

Description
Pinniped is the easy, secure way to log in to your Kubernetes clusters.
Readme 22 MiB
Languages
Go 97.3%
Shell 1.3%
HTML 0.5%
SCSS 0.5%
CSS 0.2%
Other 0.1%