mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-10 07:58:07 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
2ae631b6036e2deb2c23b2988970aa3f56912026
pinniped/deploy/concierge
History
Andrew Keesler 2ae631b603 deploy/concierge: add RBAC for flowschemas and prioritylevelconfigurations 
As of upgrading to Kubernetes 1.20, our aggregated API server nows runs some
controllers for the two flowcontrol.apiserver.k8s.io resources in the title of
this commit, so it needs RBAC to read them.

This should get rid of the following error messages in our Concierge logs:
  Failed to watch *v1beta1.FlowSchema: failed to list *v1beta1.FlowSchema: flowschemas.flowcontrol.apiserver.k8s.io is forbidden: User "system:serviceaccount:concierge:concierge" cannot list resource "flowschemas" in API group "flowcontrol.apiserver.k8s.io" at the cluster scope
  Failed to watch *v1beta1.PriorityLevelConfiguration: failed to list *v1beta1.PriorityLevelConfiguration: prioritylevelconfigurations.flowcontrol.apiserver.k8s.io is forbidden: User "system:serviceaccount:concierge:concierge" cannot list resource "prioritylevelconfigurations" in API group "flowcontrol.apiserver.k8s.io" at the cluster scope

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-02-05 08:19:12 -05:00
..
authentication.concierge.pinniped.dev_jwtauthenticators.yaml
Nest claim configs one level deeper in JWTAuthenticatorSpec
2020-12-16 09:42:19 -08:00
authentication.concierge.pinniped.dev_webhookauthenticators.yaml
Put all of our APIs into a "pinniped" category, and never use "all".
2020-11-12 16:26:34 -06:00
config.concierge.pinniped.dev_credentialissuers.yaml
Put all of our APIs into a "pinniped" category, and never use "all".
2020-11-12 16:26:34 -06:00
deployment.yaml
deploy: wire API group suffix through YTT templates
2021-01-19 17:23:06 -05:00
helpers.lib.yaml
deploy: wire API group suffix through YTT templates
2021-01-19 17:23:06 -05:00
rbac.yaml
deploy/concierge: add RBAC for flowschemas and prioritylevelconfigurations
2021-02-05 08:19:12 -05:00
README.md
Clean up docs using https://get.pinniped.dev redirects.
2021-01-28 10:15:39 -06:00
values.yaml
deploy: wire API group suffix through YTT templates
2021-01-19 17:23:06 -05:00
z0_crd_overlay.yaml
deploy: wire API group suffix through YTT templates
2021-01-19 17:23:06 -05:00

README.md

Deploying

Connecting Pinniped to an Identity Provider

If you would like to try Pinniped, but you don't have a compatible identity provider, you can use Pinniped's test identity provider. See deploy/local-user-authenticator/README.md for details.

Installing the Latest Version with Default Options

kubectl apply -f https://get.pinniped.dev/latest/install-pinniped-concierge.yaml

Installing a Specific Version with Default Options

Choose your preferred release version number and use it to replace the version number in the URL below.

# Replace v0.4.1 with your preferred version in the URL below
kubectl apply -f https://get.pinniped.dev/v0.4.1/install-pinniped-concierge.yaml

Installing with Custom Options

Creating your own deployment YAML file requires ytt from Carvel to template the YAML files in the deploy/concierge directory. Either install ytt or use the container image from Dockerhub.

  1. git clone this repo and git checkout the release version tag of the release that you would like to deploy.
  2. The configuration options are in deploy/concierge/values.yml. Fill in the values in that file, or override those values using additional ytt command-line options in the command below. Use the release version tag as the image_tag value.
  3. In a terminal, cd to this deploy/concierge directory
  4. To generate the final YAML files, run ytt --file .
  5. Deploy the generated YAML using your preferred deployment tool, such as kubectl or kapp. For example: ytt --file . | kapp deploy --yes --app pinniped --diff-changes --file -