Pinniped (k8s)
Pinniped provides identity services to Kubernetes.
- Easily plug in external identity providers into Kubernetes clusters while offering a simple install and configuration experience. Leverage first class integration with Kubernetes and kubectl command-line.
- Give users a consistent, unified login experience across all your clusters, including on-premises and managed cloud environments.
- Securely integrate with an enterprise IDP using standard protocols or use secure, externally managed identities instead of relying on simple, shared credentials.
Site: https://pinniped.dev/
Release v0.26.0
Release Image
| Image | Registry |
|---|---|
| ghcr.io/vmware-tanzu/pinniped/pinniped-server:v0.26.0 | GitHub Container Registry |
| docker.io/getpinniped/pinniped-server:v0.26.0 | DockerHub |
These images can also be referenced by their digest: sha256:a92183de893eb0b1850cc3a1d33306b96ba2cdb72a8a49c6493a58c01b4fa9cd.
Changes
This release introduces new features for using multiple identity providers, and identity transformation and policy expressions. It also includes some minor changes and upgrades all project dependencies.
Major Changes
- The Pinniped Supervisor can now be configured to source user identities from multiple identity providers (#1660). It can also be configured to transform usernames and group names using CEL expressions, and to reject authentication based on usernames and group names using CEL expressions. For more information, see the blog post for this release.
Minor Changes
- Updates the output of the `pinniped version` CLI command and the procedure for setting the version number at build time (#1634). The `pinniped version` CLI command also now accepts new optional arguments `-o json` and `-o yaml` to set an alternate output format. Note that this PR changes how to inject the version number into the CLI and server binaries at build time. Anyone who is doing their own Docker build, or using their own custom Dockerfile, or building the CLI, may need to change how the version number is injected at build time, if they choose to have a version number for their server and CLI binaries. Export the `KUBE_GIT_VERSION` environment variable to set the semver version number before calling `hack/get-ldflags.sh` to set the ldflags for the `go build` command. For example, set the `KUBE_GIT_VERSION` variable to `v0.26.0`. When using the project's Dockerfile, this value can be passed as a build ARG. When building the CLI, use `export KUBE_GIT_VERSION=v0.26.0 && CGO_ENABLED=0 GOOS="darwin" GOARCH="amd64" go build -trimpath -ldflags "$(hack/get-ldflags.sh)" ./cmd/pinniped`.
- Refactors to use the `Conditions` type from the Kubernetes library (#1644). If you are using the generated client code in a Golang project, you may need to change your `import` statements for the `Conditions` type used by several Pinniped types to import it from the `k8s.io/apimachinery/pkg/apis/meta/v1` library.
- Updates Go to v1.21.1, updates Kubernetes libraries to v0.28.2, and updates all other project dependencies (#1630, #1646, #1647, #1664, #1674, #1675, #1676, #1677).
- Improves logging for debugging Pinniped Supervisor ingress and TLS certificate configuration problems at the default log level (#1662).
- Documentation and minor web site updates (#1419, #1621, #1631, #1654, #1663)
Bug Fixes
- Fix an error that can occur in the Concierge when the cluster has been configured to automatically inject sidecar containers into every pod, including the kube cert agent pod (#1682).
Diffs
A complete list of changes (148 commits, 1,179 changed files with 27,130 additions and 108,272 deletions) can be found here.
Acknowledgements
Thanks to @djpbessems for providing suggestions and feedback for one of the docs PRs (#1631).
Updates
The attached yaml files were updated on May 6, 2024 to use ghcr.io/vmware-tanzu/pinniped/pinniped-server instead of projects.registry.vmware.com/pinniped/pinniped-server.