https://deploy-preview-3014--pinniped-dev.netlify.app/docs/reference/Recent content in Pinniped Reference on PinnipedHugo -- gohugo.ioen-ushttps://deploy-preview-3014--pinniped-dev.netlify.app/docs/reference/active-directory-configuration/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-3014--pinniped-dev.netlify.app/docs/reference/active-directory-configuration/This describes the default values for the ActiveDirectoryIdentityProvider user and group search. For more about ActiveDirectoryIdentityProvider configuration, see the API reference documentation. spec.userSearch.base Default Behavior: Queries the Active Directory host for the defaultNamingContext. Implications: Searches your entire domain for users. It may make sense to specify a subtree as a search base if you wish to exclude some users for security reasons or to make searches faster. spec.userSearch.attributes.username Default Behavior: The userPrincipalName attribute will become the user’s Kubernetes username.https://deploy-preview-3014--pinniped-dev.netlify.app/docs/reference/api/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-3014--pinniped-dev.netlify.app/docs/reference/api/Full API reference documentation for the Pinniped Kubernetes API is available on GitHub.https://deploy-preview-3014--pinniped-dev.netlify.app/docs/reference/code-walkthrough/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-3014--pinniped-dev.netlify.app/docs/reference/code-walkthrough/Audience and purpose The purpose of this document is to provide a high-level, brief introduction to the Pinniped source code for new contributors. The target audience is someone who wants to read the source code. Users who only want to install and configure Pinniped should not need to read this document. This document aims to help a reader navigate towards the part of the code which they might be interested in exploring in more detail.https://deploy-preview-3014--pinniped-dev.netlify.app/docs/reference/cli/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-3014--pinniped-dev.netlify.app/docs/reference/cli/pinniped completion bash Generate the autocompletion script for bash Synopsis Generate the autocompletion script for the bash shell. This script depends on the ‘bash-completion’ package. If it is not installed already, you can install it via your OS’s package manager. To load completions in your current shell session: source <(pinniped completion bash) To load completions for every new session, execute once: Linux: pinniped completion bash > /etc/bash_completion.d/pinniped macOS: pinniped completion bash > $(brew --prefix)/etc/bash_completion.https://deploy-preview-3014--pinniped-dev.netlify.app/docs/reference/fips/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-3014--pinniped-dev.netlify.app/docs/reference/fips/By default, the Pinniped supervisor and concierge use ciphers that are not supported by FIPS 140-2. If you are deploying Pinniped in an environment with FIPS compliance requirements, you will have to build the binaries yourself using the fips_strict build tag and Golang’s GOEXPERIMENT=boringcrypto compiler option. The Pinniped team provides an example Dockerfile demonstrating how you can build Pinniped images in a FIPS compatible way. However, we do not provide official support for FIPS configuration.https://deploy-preview-3014--pinniped-dev.netlify.app/docs/reference/audit-logging/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-3014--pinniped-dev.netlify.app/docs/reference/audit-logging/The Pinniped Supervisor and Pinniped Concierge components provide audit logging capabilities to help you meet your security and compliance standards. The configuration of the Pinniped Supervisor and Pinniped Concierge is managed by Kubernetes custom resources. These resources are protected by the standard Kubernetes authorization controls and audited by the standard Kubernetes audit logging capabilities. Pinniped also offers additional audit logging capabilities. These additional audit logs appear in the pod logs of the Supervisor and Concierge pods.https://deploy-preview-3014--pinniped-dev.netlify.app/docs/reference/supported-clusters/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-3014--pinniped-dev.netlify.app/docs/reference/supported-clusters/Cluster Type Concierge Works? VMware Tanzu Kubernetes Grid (TKG) clusters Yes Kind clusters Yes Kubeadm-based clusters Yes Amazon Elastic Kubernetes Service (EKS) Yes Google Kubernetes Engine (GKE) Yes Azure Kubernetes Service (AKS) Yes Background The Pinniped Concierge has two strategies available to support clusters, under the following conditions: Token Credential Request API: Can be run on any Kubernetes cluster where a custom pod can be executed on the same node running kube-controller-manager.https://deploy-preview-3014--pinniped-dev.netlify.app/docs/reference/tokens-and-credentials/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-3014--pinniped-dev.netlify.app/docs/reference/tokens-and-credentials/Pinniped issues several types of tokens and credentials to clients to help users access Kubernetes clusters. This document will explain the tokens and credentials issued when the Pinniped Supervisor, Concierge, and CLI are all configured to work together. All issued tokens and credentials are short-lived and therefore must be refreshed often. Forcing users to refresh tokens and credentials often gives Pinniped an opportunity to revalidate the user’s identity and group memberships.