<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Pinniped Blog on Pinniped</title><link>https://deploy-preview-3014--pinniped-dev.netlify.app/blog/</link><description>Recent content in Pinniped Blog on Pinniped</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><atom:link href="https://deploy-preview-3014--pinniped-dev.netlify.app/blog/index.xml" rel="self" type="application/rss+xml"/><item><title>Pinniped v0.33.0: Externally-managed CA bundles for Pinniped's custom resources</title><link>https://deploy-preview-3014--pinniped-dev.netlify.app/posts/externally-managed-ca-bundles/</link><pubDate>Wed, 07 Aug 2024 00:00:00 +0000</pubDate><guid>https://deploy-preview-3014--pinniped-dev.netlify.app/posts/externally-managed-ca-bundles/</guid><description>Photo from Unsplash
Pinniped&amp;rsquo;s v0.33.0 release enables Pinniped administrators to use externally-provided CA bundles for all custom resources for which Pinniped acts as a client. This includes OIDC identity providers, LDAP and Active Directory servers, GitHub Enterprise Servers, and any JWT or webhook authenticators running on or off the cluster.
This should reduce manual steps to install or configure Pinniped, since administrators no longer need to provide the CA bundle inline within a Pinniped custom resource, and can instead use a ConfigMap or Secret object in the same namespace as Pinniped Supervisor or Concierge.</description></item><item><title>Pinniped v0.31.0: GitHub as an identity provider</title><link>https://deploy-preview-3014--pinniped-dev.netlify.app/posts/github-idp-support/</link><pubDate>Thu, 06 Jun 2024 00:00:00 +0000</pubDate><guid>https://deploy-preview-3014--pinniped-dev.netlify.app/posts/github-idp-support/</guid><description>Photo from Unsplash
Pinniped&amp;rsquo;s v0.31.0 release brings your enterprise&amp;rsquo;s developer and operator GitHub identities to all your Kubernetes clusters. Previously, Pinniped supported external identity providers of types OpenID Connect (OIDC), Lightweight Directory Access Protocol (LDAP), and Active Directory (AD) configured for either one or many clusters. If you&amp;rsquo;re already managing your source code on github.com or using GitHub Enterprise, then your developers and operators already have GitHub identities. Now you can easily control their authentication and authorization to your fleets of Kubernetes clusters using that same GitHub identity, with the same great security and user experience that Pinniped already offers.</description></item><item><title>Pinniped v0.26.0: Multiple identity providers and identity transformations</title><link>https://deploy-preview-3014--pinniped-dev.netlify.app/posts/multiple-idps-and-identity-transformations/</link><pubDate>Tue, 19 Sep 2023 00:00:00 +0000</pubDate><guid>https://deploy-preview-3014--pinniped-dev.netlify.app/posts/multiple-idps-and-identity-transformations/</guid><description>Photo from Unsplash
Pinniped&amp;rsquo;s v0.26.0 release provides powerful new features enabling cluster administrators to configure their Kubernetes clusters to accept identities from multiple identity providers. Pinniped now enables the simultaneous support of OpenID Connect (OIDC), Lightweight Directory Access Protocol (LDAP), and Active Directory (AD) configured for either one or many clusters. In addition, Pinniped provides a powerful identity transformation mechanism via Common Expression Language (CEL) to enable disambiguation of identities funneled in from different identity providers and more.</description></item><item><title>Pinniped v0.25.0: With External Certificate Management for the Impersonation Proxy and more!</title><link>https://deploy-preview-3014--pinniped-dev.netlify.app/posts/v0-25-0-external-cert-mgmt-impersonation-proxy/</link><pubDate>Wed, 09 Aug 2023 00:00:00 +0000</pubDate><guid>https://deploy-preview-3014--pinniped-dev.netlify.app/posts/v0-25-0-external-cert-mgmt-impersonation-proxy/</guid><description>Photo by karlheinz_eckhardt Eckhardt on Unsplash
With Pinniped v0.25.0 you get the ability to configure an externally-generated certificate for Pinniped Concierge&amp;rsquo;s impersonation proxy to serve TLS. The impersonation proxy is a component within Pinniped that allows the project to support many types of clusters, such as Amazon Elastic Kubernetes Service (EKS), Google Kubernetes Engine (GKE), and Azure Kubernetes Service (AKS).
To read more on this feature, and the design decisions behind it, see the proposal.</description></item><item><title>Pinniped v0.18.0: With User-Friendly features such as JSON formatted logs, LDAP/ActiveDirectory UI Support</title><link>https://deploy-preview-3014--pinniped-dev.netlify.app/posts/formatted-logs-ui-based-ldap-logins/</link><pubDate>Wed, 08 Jun 2022 00:00:00 +0000</pubDate><guid>https://deploy-preview-3014--pinniped-dev.netlify.app/posts/formatted-logs-ui-based-ldap-logins/</guid><description>Photo by Steve Adams on Unsplash
We&amp;rsquo;ve listened to your requests and are excited to bring some cool user-friendly features that will enhance your Kubernetes Authentication experience. From this release onwards, we will have Pinniped logs in JSON format. We also bring you the ability to use a User Interface (UI) to log in with your LDAP or ActiveDirectory credentials.
JSON Formatted logs Kubernetes 1.19 introduced the ability to have logs emitted in JSON log format.</description></item><item><title>Pinniped v0.16.0: With Build-Your-Own FIPS Binaries, Workspace ONE IDP configuration, and Supervisor HTTP listener changes</title><link>https://deploy-preview-3014--pinniped-dev.netlify.app/posts/fips-and-more/</link><pubDate>Wed, 20 Apr 2022 00:00:00 +0000</pubDate><guid>https://deploy-preview-3014--pinniped-dev.netlify.app/posts/fips-and-more/</guid><description>Photo by karlheinz_eckhardt on Unsplash
This release continues our theme of providing security-hardening for Kubernetes authentication solutions with Pinniped.
Build-Your-Own FIPS compliant Pinniped Binaries We now bring to you information on how to Build-Your-Own Pinniped binaries with FIPS Compliant BoringSSL Crypto. The Federal Information Processing Standard (FIPS) 140-2 publication describes United States government approved security requirements for cryptographic modules. Software that is validated by an accredited Cryptographic Module Validation Program (CMVP) laboratory can be suitable for use in applications for US governmental departments or in industries subject to US Federal regulations.</description></item><item><title>Pinniped v0.13.0: Security Hardened Pinniped</title><link>https://deploy-preview-3014--pinniped-dev.netlify.app/posts/secure-tls-idp-refresh/</link><pubDate>Fri, 21 Jan 2022 00:00:00 +0000</pubDate><guid>https://deploy-preview-3014--pinniped-dev.netlify.app/posts/secure-tls-idp-refresh/</guid><description>Photo by Neil Cooper on Unsplash
Pinniped with tighter security posture Kubernetes users deploying Pinniped in production environments have certain compliance control requirements. With the current release of Pinniped, our efforts are to provide features in Pinniped that meet some of these compliance and regulatory requirements. We have added defaults that give secure deployment options to the administrator while maintaining the best user experience for cluster access.
With v0.13.0 we include the use of secure TLS ciphers for all components and a configurable listener for the Pinniped Supervisor server.</description></item><item><title>Pinniped v0.11.0: Easy Configurations for Active Directory, OIDC CLI workflows and more</title><link>https://deploy-preview-3014--pinniped-dev.netlify.app/posts/supporting-ad-oidc-workflows/</link><pubDate>Tue, 31 Aug 2021 00:00:00 +0000</pubDate><guid>https://deploy-preview-3014--pinniped-dev.netlify.app/posts/supporting-ad-oidc-workflows/</guid><description>Photo by Eelco van der Wal on Unsplash
CRDs for easy Active Directory Configuration! Microsoft Active Directory (AD) is one of the most popular and widely used Identity Providers. Active Directory Domain Services (AD DS) is the foundation of every Windows domain network. It stores information about members of the domain, including devices and users, verifies their credentials and defines their access rights. While AD is widely used in legacy systems, configuring Active Directory has been somewhat of a challenge in the cloud native environments.</description></item><item><title>Pinniped v0.10.0: Managing OIDC Login Flows in Browserless Environments</title><link>https://deploy-preview-3014--pinniped-dev.netlify.app/posts/supporting-remote-oidc-workflows/</link><pubDate>Fri, 30 Jul 2021 00:00:00 +0000</pubDate><guid>https://deploy-preview-3014--pinniped-dev.netlify.app/posts/supporting-remote-oidc-workflows/</guid><description>Photo by Jaddy Liu on Unsplash
Remote Host Environments and OIDC login flows Enterprise workloads on Kubernetes clusters often run in a restricted environment behind a firewall. In such a setup, the clusters can be accessed via servers sometimes called “SSH jump hosts”. These servers pose restrictions on what the users can execute and typically allow only command line access. Users can use command line utilities such as kubectl, pinniped CLI, etc.</description></item><item><title>Pinniped v0.9.0: Bring Your LDAP Identities to Your Kubernetes Clusters</title><link>https://deploy-preview-3014--pinniped-dev.netlify.app/posts/bringing-ldap-identities-to-clusters/</link><pubDate>Wed, 02 Jun 2021 00:00:00 +0000</pubDate><guid>https://deploy-preview-3014--pinniped-dev.netlify.app/posts/bringing-ldap-identities-to-clusters/</guid><description>Photo from matos11 on Pixabay
Pinniped is a “batteries included” authentication system for Kubernetes clusters. With the release of v0.9.0, Pinniped now supports using LDAP identities to log in to Kubernetes clusters.
This post describes how v0.9.0 fits into Pinniped’s quest to bring a smooth, unified login experience to all Kubernetes clusters.
Support for LDAP Identities in the Pinniped Supervisor Pinniped is made up of three main components:
The Pinniped Concierge component implements cluster-level authentication.</description></item><item><title>Pinniped v0.7.0: Enabling multi-cloud, multi-provider Kubernetes</title><link>https://deploy-preview-3014--pinniped-dev.netlify.app/posts/bringing-the-concierge-to-more-clusters/</link><pubDate>Thu, 01 Apr 2021 00:00:00 +0000</pubDate><guid>https://deploy-preview-3014--pinniped-dev.netlify.app/posts/bringing-the-concierge-to-more-clusters/</guid><description>Photo by Fred Heap on Unsplash
Pinniped is a &amp;ldquo;batteries included&amp;rdquo; authentication system for Kubernetes clusters. With the release of v0.7.0, Pinniped now supports a much wider range of real-world Kubernetes clusters, including managed Kubernetes environments on all major cloud providers.
This post describes how v0.7.0 fits into Pinniped&amp;rsquo;s quest to bring a smooth, unified login experience to all Kubernetes clusters.
Authentication in Kubernetes Kubernetes includes a pluggable authentication system right out of the box.</description></item><item><title>Pinniped v0.5.0: Now With Even More Pinnipeds</title><link>https://deploy-preview-3014--pinniped-dev.netlify.app/posts/multiple-pinnipeds/</link><pubDate>Thu, 04 Feb 2021 00:00:00 +0000</pubDate><guid>https://deploy-preview-3014--pinniped-dev.netlify.app/posts/multiple-pinnipeds/</guid><description>Photo by TRINH HUY HUNG on Unsplash
Motivation Pinniped is a &amp;ldquo;batteries included&amp;rdquo; authentication system for Kubernetes clusters that tightly integrates with Kubernetes using native API patterns. Pinniped is built using custom resource definitions (CRDs) and API aggregation, both of which are core to the configuration and runtime operation of the app.
We encountered a problem that’s familiar to many Kubernetes controller developers: we need to support multiple instances of our controller on one cluster.</description></item><item><title>A Seal of Approval: Project Pinniped</title><link>https://deploy-preview-3014--pinniped-dev.netlify.app/posts/a-seal-of-approval/</link><pubDate>Thu, 12 Nov 2020 00:00:00 +0000</pubDate><guid>https://deploy-preview-3014--pinniped-dev.netlify.app/posts/a-seal-of-approval/</guid><description>Kubernetes, containers, microservices: They’ve all turned conventional application development wisdom inside out. But for all the wonders introduced and new technologies released, there are still a few things that remain difficult, cumbersome, or just really really frustrating when it comes to Kubernetes. We have set out to make one of those things easier and more understandable: authentication.
In a perfect world, you would be able to use a single authentication process of your choice to log in to all of your Kubernetes clusters, including on-premises and managed cloud environments.</description></item></channel></rss>