Pinniped (k8s)
Pinniped provides identity services to Kubernetes.
- Easily plug external identity providers into Kubernetes clusters while offering a simple install and configuration experience. Leverage first-class integration with Kubernetes and the kubectl command line.
- Give users a consistent, unified login experience across all your clusters, including on-premises and managed cloud environments.
- Securely integrate with an enterprise IDP using standard protocols or use secure, externally managed identities instead of relying on simple, shared credentials.
Site: https://pinniped.dev/
Release v0.9.2
Release Images
| Image | Registry |
|---|---|
| ghcr.io/vmware-tanzu/pinniped/pinniped-server:v0.9.2 | GitHub Container Registry |
| docker.io/getpinniped/pinniped-server:v0.9.2 | DockerHub |
Changes
Pinniped v0.9.2 is a small security hardening release on top of the recent v0.9.1 release.
Minor Changes
- We've made several changes to harden the impersonation proxy against potential future security vulnerabilities. These changes are proactive based on our understanding of potential issues:
  - The impersonation proxy now always authorizes every request, rather than deferring authorization to the Kubernetes API.
  - The impersonation proxy now uses a distinct service account with no RBAC privileges other than impersonation.
  - On clusters where anonymous authentication is disabled (such as AKS), the impersonation proxy now refuses anonymous requests. The Pinniped TokenCredentialRequest API is still allowed, since it is necessarily a pre-authentication API.
- Upgraded Go from 1.16.4 to 1.16.5.
Diffs
A complete list of changes (16 commits, 15 changed files with 1,197 additions and 210 deletions) can be found here.
Updates
The attached yaml files were updated on May 6, 2024 to use ghcr.io/vmware-tanzu/pinniped/pinniped-server instead of projects.registry.vmware.com/pinniped/pinniped-server.