Pinniped (k8s)
Pinniped provides identity services to Kubernetes.
- Easily plug external identity providers into Kubernetes clusters while offering a simple install and configuration experience. Leverage first-class integration with Kubernetes and the kubectl command line.
- Give users a consistent, unified login experience across all your clusters, including on-premises and managed cloud environments.
- Securely integrate with an enterprise IDP using standard protocols or use secure, externally managed identities instead of relying on simple, shared credentials.
Site: https://pinniped.dev/
Release v0.4.0
Release Images
| Image | Registry |
|---|---|
| ghcr.io/vmware-tanzu/pinniped/pinniped-server:v0.4.0 | GitHub Container Registry |
| docker.io/getpinniped/pinniped-server:v0.4.0 | DockerHub |
Changes
Major Changes
- The Pinniped supervisor now loads additional OIDC claims by calling the UserInfo endpoint during the authorization flow. This enables support for passing custom claims such as groups on a wider range of upstream identity providers.
Minor Changes
- Improved documentation for both the concierge and supervisor.
- Added filtering to supervisor controllers to improve performance and reduce CPU overhead and log noise.
- More consistently set owner references on all Kubernetes resources created by Pinniped.
- Stop setting `blockOwnerDeletion: true` on resources created by Pinniped.
- Normalize the type of the `groups` claim in ID tokens issued by the supervisor. The claim will now always be a list of strings, which may be empty if the upstream identity provider did not provide a groups claim.
- Fixed some intermittent integration test flakes.
- Upgraded Kubernetes library components to v1.20.1.
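
The two claim-handling changes above (extra claims loaded from the UserInfo endpoint, and the `groups` claim normalized to a list of strings) are illustrated by the following added example, which is not Pinniped's own code. The names `Claims`, `MergeUserInfo` and `NormalizeGroups` are hypothetical, and the example assumes that UserInfo values override ID token values and that a bare string is accepted as a single group.

```go
package main

import "fmt"

type Claims map[string]interface{} // decoded JSON claim set (hypothetical type)

// MergeUserInfo overlays UserInfo claims on ID token claims (assumption: UserInfo
// wins on conflicts). OIDC Core 5.3.2 requires both "sub" values to match exactly.
func MergeUserInfo(idToken, userInfo Claims) (Claims, error) {
	idSub, _ := idToken["sub"].(string)
	uiSub, _ := userInfo["sub"].(string)
	if idSub == "" || uiSub != idSub {
		return nil, fmt.Errorf("UserInfo sub %q does not match ID token sub %q", uiSub, idSub)
	}
	merged := Claims{}
	for _, src := range []Claims{idToken, userInfo} {
		for k, v := range src {
			merged[k] = v
		}
	}
	return merged, nil
}

// NormalizeGroups returns the claim as a list of strings: absent or null gives an
// empty list, a bare string gives one element (assumption), other types fail.
func NormalizeGroups(c Claims, name string) ([]string, error) {
	switch v := c[name].(type) {
	case nil:
		return []string{}, nil
	case string:
		return []string{v}, nil
	case []interface{}:
		out := make([]string, 0, len(v))
		for _, e := range v {
			s, ok := e.(string)
			if !ok {
				return nil, fmt.Errorf("claim %q has a non-string element", name)
			}
			out = append(out, s)
		}
		return out, nil
	}
	return nil, fmt.Errorf("claim %q has unsupported type", name)
}

func main() { // constructed sample: groups arrives only via UserInfo, as a bare string
	m, err := MergeUserInfo(Claims{"sub": "u1"}, Claims{"sub": "u1", "groups": "admins"})
	g, _ := NormalizeGroups(m, "groups")
	fmt.Println(g, err)
}
```
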
Diffs
A complete list of changes (74 commits, 247 changed files with 14,880 additions and 1,410 deletions!) can be found here.
Updates
The attached yaml files were updated on May 6, 2024 to use ghcr.io/vmware-tanzu/pinniped/pinniped-server instead of projects.registry.vmware.com/pinniped/pinniped-server.