Pinniped (k8s)

notes:

Pinniped provides identity services to Kubernetes.

  • Easily plug external identity providers into Kubernetes clusters while offering a simple install and configuration experience. Leverage first-class integration with Kubernetes and the kubectl command line.
  • Give users a consistent, unified login experience across all your clusters, including on-premises and managed cloud environments.
  • Securely integrate with an enterprise IDP using standard protocols or use secure, externally managed identities instead of relying on simple, shared credentials.

site: https://pinniped.dev/

Release list

  • 0.44.0
  • 0.43.0
  • 0.42.0
  • 0.41.0 (6m+)
  • 0.40.0 (6m+)
  • 0.39.0 (6m+)
  • 0.38.0 (1y+)
  • 0.37.0 (1y+)
  • 0.36.0 (1y+)
  • 0.35.0 (1y+)
  • 0.34.0 (1y+)
  • 0.33.0 (1y+)
  • 0.32.0 (1y+)
  • 0.31.0 (1y+)
  • 0.30.0 (1y+)
  • 0.29.0 (1y+)
  • 0.28.0 (1y+)
  • 0.27.0 (1y+)
  • 0.26.0 (1y+)
  • 0.25.0 (1y+)

Release notes:

Release v0.40.0

Release Image

| Image | Registry |
| -------------- | ------------- |
| ghcr.io/vmware/pinniped/pinniped-server:v0.40.0 | GitHub Container Registry |
| docker.io/getpinniped/pinniped-server:v0.40.0 | DockerHub |

These images can also be referenced by their digest: sha256:fb3c48175998700ecaaa629e05aacc79c7f1ac47f457655668ca8fb984ae5557.

Changes

This release adds new features to JWTAuthenticator and upgrades dependencies.

Major Changes

  • Starting with this release, container images for the release will no longer be pushed to ghcr.io/vmware-tanzu/pinniped/pinniped-server. For this release and for future releases, container images will be pushed to ghcr.io/vmware/pinniped/pinniped-server instead. This is because the Pinniped GitHub repository was recently moved from the vmware-tanzu GitHub organization to the vmware organization. GitHub automatically redirects most things from the old location to the new location, but not the container image repository. (#2526)
  • The Pinniped JWTAuthenticator has several new features which are meant to be similar to features found in Kubernetes AuthenticationConfiguration. (#2491) These are all expert user features and should be used with caution. See the Pinniped API docs for full documentation. The new features are:
    • spec.claimValidationRules: works like jwt[].claimValidationRules
    • spec.userValidationRules: works like jwt[].userValidationRules
    • spec.claims.usernameExpression: works like jwt[].claimMappings.username.expression
    • spec.claims.groupsExpression: works like jwt[].claimMappings.groups.expression
    • spec.claims.extra: works like jwt[].claimMappings.extra
      • Note that while these extras will be added to the client certificate issued by the Pinniped Concierge during end user login, Kubernetes will not respect these extras because Kubernetes has no mechanism for userInfo extras from a client cert. This will probably only be useful if you are using a custom auth proxy in front of Kubernetes.
      • Also note that unlike in Kubernetes structured auth, the keys for these extras in Pinniped are not allowed to contain the = character.
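
The registry move in the first major change means manifests that still reference the old ghcr.io/vmware-tanzu path will not pick up v0.40.0 or later. The following is an added example, not code from the Pinniped project: it scans manifest text for Pinniped server image references and flags the old path, tag-only references, and a v0.40.0 digest that differs from the one published above. The function names and finding labels are assumptions made for this example, as is the policy of flagging tag-only references.

```python
import re

# Repository paths and digest copied from the release notes above.
OLD_REPO = "ghcr.io/vmware-tanzu/pinniped/pinniped-server"
NEW_REPOS = ("ghcr.io/vmware/pinniped/pinniped-server", "docker.io/getpinniped/pinniped-server")
V0_40_0_DIGEST = "sha256:fb3c48175998700ecaaa629e05aacc79c7f1ac47f457655668ca8fb984ae5557"

IMAGE_LINE = re.compile(r"""^\s*(?:-\s+)?image:\s*["']?([^\s"'#]+)""")

def parse_ref(ref):
    """Split repo[:tag][@digest] into (repo, tag, digest)."""
    name, _, digest = ref.partition("@")
    colon = name.rfind(":")
    # Only a ':' after the last '/' separates a tag; an earlier one is a registry port.
    if colon > name.rfind("/"):
        return name[:colon], name[colon + 1:], digest or None
    return name, None, digest or None

def version_tuple(tag):
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", tag or "")
    return tuple(map(int, m.groups())) if m else None

def audit(manifest_text):
    """Return (line_number, finding) for each Pinniped server image reference needing attention."""
    findings = []
    for lineno, line in enumerate(manifest_text.splitlines(), 1):
        m = IMAGE_LINE.match(line)
        repo, tag, digest = parse_ref(m.group(1)) if m else (None, None, None)
        if repo != OLD_REPO and repo not in NEW_REPOS:
            continue  # not an image line, or not a Pinniped server image
        ver = version_tuple(tag)
        if repo == OLD_REPO and (ver is None or ver >= (0, 40, 0)):
            findings.append((lineno, "old-registry"))     # v0.40.0+ is not pushed here
        elif digest is None:
            findings.append((lineno, "not-pinned"))       # tag only, no digest
        elif ver == (0, 40, 0) and digest != V0_40_0_DIGEST:
            findings.append((lineno, "digest-mismatch"))  # differs from the published digest
    return findings

# Constructed sample manifest lines (the all-zero digest is made up to show a mismatch).
SAMPLE = "\n".join("    image: " + ref for ref in (
    OLD_REPO + ":v0.40.0",
    NEW_REPOS[0] + ":v0.40.0",
    '"' + NEW_REPOS[1] + ":v0.40.0@" + V0_40_0_DIGEST + '"',
    NEW_REPOS[0] + ":v0.40.0@sha256:" + "0" * 64,
    OLD_REPO + ":v0.39.0",
))

if __name__ == "__main__": print(audit(SAMPLE))
```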

Minor Changes

  • Updates the Kubernetes libraries to v0.33.3, Golang to v1.24.4, and updates all other project dependencies. (#2482, #2475, #2473, #2471, #2393, #2525, #2528)
  • Makes some minor changes to accommodate Pinniped's CI system moving. (#2514, #2506, #2485, #2461)

Diffs

A complete list of changes (45 commits, 199 changed files with 9,549 additions and 1,229 deletions) can be found here.
