Pinniped (k8s)

vmware/pinniped last check 2026-06-20 21:06 UTC 49 releases

Notes

Pinniped provides identity services to Kubernetes.

Easily plug in external identity providers into Kubernetes clusters while offering a simple install and configuration experience. Leverage first class integration with Kubernetes and kubectl command-line.
Give users a consistent, unified login experience across all your clusters, including on-premises and managed cloud environments.
Securely integrate with an enterprise IDP using standard protocols or use secure, externally managed identities instead of relying on simple, shared credentials.

site : https://pinniped.dev/

Release notes

v0.4.1 · 1y+

view on github

Release v0.4.1

Release Images

Image	Registry
`ghcr.io/vmware-tanzu/pinniped/pinniped-server:v0.4.1`	GitHub Container Registry
`docker.io/getpinniped/pinniped-server:v0.4.1`	DockerHub

Changes

Major Changes

None

Minor Changes

There is only one change included compared to v0.4.0:

When the the Supervisor is configured to use the upstream OIDC Provider's email claim as the downstream username, then validate that the email_verified claim has the value true if the email_verified claim was included in the upstream ID token. If the email_validated claim is not included in the upstream ID token, then assume that the upstream provider doesn't implement it and allow the login to continue. This change only impacts configurations where the configured upstream OIDC Provider supports the email_verified claim, which is usually supported Providers which allow users to either self-register for an account or modify their email addresses on an existing account.

Updates

The attached yaml files were updated on May 6, 2024 to use ghcr.io/vmware-tanzu/pinniped/pinniped-server instead of projects.registry.vmware.com/pinniped/pinniped-server.