Pinniped is the easy, secure way to log in to your Kubernetes clusters.
Andrew Keesler f9554e0bde
feature-proposal.md: I need more sleep
2020-08-27 11:46:43 -04:00
.github feature-proposal.md: I need more sleep 2020-08-27 11:46:43 -04:00
apis Merge branch 'main' into self_test 2020-08-25 19:02:27 -07:00
cmd Rename project 2020-08-20 10:54:15 -07:00
deploy Fix some copy issues in the docs 2020-08-27 08:39:57 -04:00
doc Make feature proposal and bug report language more similar 2020-08-27 11:44:54 -04:00
generated Merge branch 'main' into self_test 2020-08-25 19:02:27 -07:00
hack Merge branch 'main' into self_test 2020-08-25 19:02:27 -07:00
internal internal/controller/issuerconfig: add missing invalid kubeconfig test? 2020-08-27 10:43:13 -04:00
pkg Convert code to use the new generated packages. 2020-08-24 14:42:27 -05:00
test test: fix ci failure: "no Auth Provider found for name "gcp"" 2020-08-27 09:12:34 -04:00
tools Add generated mock for loginrequest.CertIssuer interface. 2020-07-27 12:33:33 -07:00
.gitignore Hello, world! 2020-07-02 17:05:59 -07:00
.golangci.yaml Fix latent linter issues. 2020-08-06 20:42:20 -05:00
.pre-commit-config.yaml Add a .pre-commit-config.yaml file. 2020-08-14 14:41:11 -05:00
Dockerfile Convert code to use the new generated packages. 2020-08-24 14:42:27 -05:00
LICENSE Add Apache 2.0 license. 2020-07-06 13:50:31 -05:00
README.md Fix some copy issues in the docs 2020-08-27 08:39:57 -04:00
go.mod Convert code to use the new generated packages. 2020-08-24 14:42:27 -05:00
go.sum Convert code to use the new generated packages. 2020-08-24 14:42:27 -05:00

README.md

Pinniped

Overview

Pinniped provides identity services to Kubernetes.

Pinniped allows cluster administrators to easily plug upstream identity providers (IDPs) into Kubernetes clusters. This is achieved via a uniform install procedure across all types and origins of Kubernetes clusters, declarative configuration via Kubernetes APIs, enterprise-grade integrations with upstream IDPs, and distribution-specific integration mechanisms.

Use cases

  • Your team uses a large enterprise IDP and manages many clusters; Pinniped provides:
    • seamless and robust integration with the upstream IDP,
    • the ability to be easily installed across clusters of any type and origin,
    • and a simplified login flow across all clusters.
  • You are on a small team that shares a single cluster; Pinniped provides:
    • simple configuration for your team's specific needs,
    • and individual, revocable identities.

Architecture

Pinniped offers a credential exchange API via a Kubernetes aggregated API, where a user can exchange an upstream IDP credential for a cluster-specific credential. A specific example of this exchange is provided below, where:

  • the upstream IDP is a webhook that supports the Kubernetes TokenReview API,
  • the cluster-specific credential is minted using the cluster signing keypair to issue short-lived cluster certificates (note: this particular credential minting mechanism is temporary until the Kubernetes CSR API provides the ability to set a certificate TTL),
  • and the cluster-specific credential is provided to the kubectl binary using a Kubernetes client-go credential plugin.

Figure: implementation
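The last two steps of the exchange above, sketched as an added example that is not Pinniped's own code: a short-lived client certificate is signed by a CA and returned in the `ExecCredential` JSON that a client-go credential plugin prints for kubectl. The throwaway CA stands in for the cluster signing keypair, and the names `must`, `newCA`, `mint`, the user `alice`, the group `developers` and the 5-minute TTL are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // demo helper (hypothetical); real code should return the error
	if err != nil {
		panic(err)
	}
	return v
}

// newCA returns a throwaway self-signed CA standing in for the cluster signing keypair (constructed).
func newCA() (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-cluster-ca"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)))), key
}

// mint issues a client certificate valid for ttl and wraps it in the ExecCredential JSON a kubectl plugin prints.
func mint(ca *x509.Certificate, caKey *ecdsa.PrivateKey, user string, groups []string, ttl time.Duration) []byte {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	t := &x509.Certificate{SerialNumber: must(rand.Int(rand.Reader, big.NewInt(1<<62))),
		Subject:   pkix.Name{CommonName: user, Organization: groups}, // Kubernetes reads CN as user, O as groups
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(ttl),
		KeyUsage:  x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	der := must(x509.CreateCertificate(rand.Reader, t, ca, &key.PublicKey, caKey))
	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: must(x509.MarshalECPrivateKey(key))})
	return must(json.Marshal(map[string]any{"apiVersion": "client.authentication.k8s.io/v1beta1", "kind": "ExecCredential",
		"status": map[string]string{"expirationTimestamp": t.NotAfter.UTC().Format(time.RFC3339),
			"clientCertificateData": string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})),
			"clientKeyData":         string(keyPEM)}}))
}

func main() {
	ca, caKey := newCA()
	fmt.Println(string(mint(ca, caKey, "alice", []string{"developers"}, 5*time.Minute)))
}
```

Because the certificate carries its own expiry, a leaked credential stops working once the TTL passes, without any revocation step.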

Install

To try out Pinniped, check out our officially supported deployment mechanism with ytt.

Contribute

If you want to contribute to (or just hack on) Pinniped (we encourage it!), first check out our Code of Conduct, and then our contributing doc.

License

Pinniped is open source and licensed under Apache License Version 2.0. See the LICENSE file.

Copyright 2020 VMware, Inc.