go.pinniped.dev

module
v0.33.0
Published: Aug 7, 2024 License: Apache-2.0

README

Overview

Pinniped provides identity services to Kubernetes.

  • Easily plug external identity providers into Kubernetes clusters while offering a simple install and configuration experience. Leverage first-class integration with Kubernetes and the kubectl command line.
  • Give users a consistent, unified login experience across all your clusters, including on-premises and managed cloud environments.
  • Securely integrate with an enterprise IDP using standard protocols or use secure, externally managed identities instead of relying on simple, shared credentials.

To learn more, please visit the Pinniped project's website, https://pinniped.dev.

Getting started with Pinniped

Care to kick the tires? It's easy to install and try Pinniped.

Discussion

Got a question, comment, or idea? Please don't hesitate to reach out via GitHub Discussions, GitHub Issues, or in the Kubernetes Slack Workspace within the #pinniped channel. Join our Google Group to receive updates and meeting invitations.

Contributions

Pinniped is better because of our contributors and maintainers. It is because of you that we can bring great software to the community.

Want to get involved? Contributions are welcome.

Please see the contributing guide for more information about reporting bugs, requesting features, building and testing the code, submitting PRs, and other contributor topics.

Adopters

Some organizations and products using Pinniped are featured in ADOPTERS.md. Add your own organization or product here.

Reporting security vulnerabilities

Please follow the procedure described in SECURITY.md.

License

Pinniped is open source and licensed under Apache License Version 2.0. See LICENSE.

Copyright 2020-2024 the Pinniped contributors. All Rights Reserved.

Directories

Path Synopsis
cmd
pinniped-concierge-kube-cert-agent
Package main is the combined entrypoint for the Pinniped "kube-cert-agent" component.
pinniped-server
Package main is the combined entrypoint for all Pinniped server components.
generated
latest/apis/concierge/authentication/v1alpha1
Package v1alpha1 is the v1alpha1 version of the Pinniped concierge authentication API.
latest/apis/concierge/config/v1alpha1
Package v1alpha1 is the v1alpha1 version of the Pinniped concierge configuration API.
latest/apis/concierge/identity
Package identity is the internal version of the Pinniped identity API.
latest/apis/concierge/identity/v1alpha1
Package v1alpha1 is the v1alpha1 version of the Pinniped identity API.
latest/apis/concierge/login
Package login is the internal version of the Pinniped login API.
latest/apis/concierge/login/v1alpha1
Package v1alpha1 is the v1alpha1 version of the Pinniped login API.
latest/apis/supervisor/clientsecret
Package clientsecret is the internal version of the Pinniped client secret API.
latest/apis/supervisor/clientsecret/v1alpha1
Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
latest/apis/supervisor/config/v1alpha1
Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor configuration API.
latest/apis/supervisor/idp/v1alpha1
Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor identity provider (IDP) API.
latest/client/concierge/clientset/versioned/fake
This package has the automatically generated fake clientset.
latest/client/concierge/clientset/versioned/scheme
This package contains the scheme of the automatically generated clientset.
latest/client/concierge/clientset/versioned/typed/authentication/v1alpha1
This package has the automatically generated typed clients.
latest/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake
Package fake has the automatically generated clients.
latest/client/concierge/clientset/versioned/typed/config/v1alpha1
This package has the automatically generated typed clients.
latest/client/concierge/clientset/versioned/typed/config/v1alpha1/fake
Package fake has the automatically generated clients.
latest/client/concierge/clientset/versioned/typed/identity/v1alpha1
This package has the automatically generated typed clients.
latest/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake
Package fake has the automatically generated clients.
latest/client/concierge/clientset/versioned/typed/login/v1alpha1
This package has the automatically generated typed clients.
latest/client/concierge/clientset/versioned/typed/login/v1alpha1/fake
Package fake has the automatically generated clients.
latest/client/supervisor/clientset/versioned/fake
This package has the automatically generated fake clientset.
latest/client/supervisor/clientset/versioned/scheme
This package contains the scheme of the automatically generated clientset.
latest/client/supervisor/clientset/versioned/typed/clientsecret/v1alpha1
This package has the automatically generated typed clients.
latest/client/supervisor/clientset/versioned/typed/clientsecret/v1alpha1/fake
Package fake has the automatically generated clients.
latest/client/supervisor/clientset/versioned/typed/config/v1alpha1
This package has the automatically generated typed clients.
latest/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake
Package fake has the automatically generated clients.
latest/client/supervisor/clientset/versioned/typed/idp/v1alpha1
This package has the automatically generated typed clients.
latest/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake
Package fake has the automatically generated clients.
1.17/apis Module
1.17/client Module
1.18/apis Module
1.18/client Module
1.19/apis Module
1.19/client Module
1.20/apis Module
1.20/client Module
1.21/apis Module
1.21/client Module
1.22/apis Module
1.22/client Module
1.23/apis Module
1.23/client Module
1.24/apis Module
1.24/client Module
1.25/apis Module
1.25/client Module
1.26/apis Module
1.26/client Module
1.27/apis Module
1.27/client Module
1.28/apis Module
1.28/client Module
1.29/apis Module
1.29/client Module
1.30/apis Module
1.30/client Module
1.31/apis Module
1.31/client Module
internal
authenticators
Package authenticators contains authenticator interfaces.
celtransformer
Package celtransformer is an implementation of upstream-to-downstream identity transformations and policies using CEL scripts.
certauthority
Package certauthority implements a simple x509 certificate authority suitable for use in an aggregated API service.
certauthority/dynamiccertauthority
Package dynamiccertauthority implements an x509 certificate authority capable of issuing certificates from a dynamically updating CA keypair.
concierge/impersonator
Package impersonator implements an HTTP server that reverse proxies all requests to the Kubernetes API server with impersonation headers set to match the calling user.
concierge/scheme
Package scheme contains code to construct a proper runtime.Scheme for the Concierge aggregated API.
concierge/server
Package server is the command line entry point for pinniped-concierge.
config/concierge
Package concierge contains functionality to load/store Config's from/to some source.
config/supervisor
Package supervisor contains functionality to load/store Config's from/to some source.
controller/apicerts
Package apicerts contains controllers that work together to provide rotating API certs.
controller/authenticator
Package authenticator contains helper code for dealing with *Authenticator CRDs.
controller/authenticator/authncache
Package authncache implements a cache of active authenticators.
controller/authenticator/cachecleaner
Package cachecleaner implements a controller for garbage collecting authenticators from an authenticator cache.
controller/authenticator/jwtcachefiller
Package jwtcachefiller implements a controller for filling an authncache.Cache with each added/updated JWTAuthenticator.
controller/authenticator/webhookcachefiller
Package webhookcachefiller implements a controller for filling an authncache.Cache with each added/updated WebhookAuthenticator.
controller/issuerconfig
Package issuerconfig contains helpers for updating CredentialIssuer status entries.
controller/kubecertagent
Package kubecertagent provides controllers that ensure a pod (the kube-cert-agent) is co-located with the Kubernetes controller manager so that Pinniped can access its signing keys.
controller/supervisorconfig/activedirectoryupstreamwatcher
Package activedirectoryupstreamwatcher implements a controller which watches ActiveDirectoryIdentityProviders.
controller/supervisorconfig/generator
Package generator provides a supervisorSecretsController that can ensure existence of a generated secret.
controller/supervisorconfig/githubupstreamwatcher
Package githubupstreamwatcher implements a controller which watches GitHubIdentityProviders.
controller/supervisorconfig/ldapupstreamwatcher
Package ldapupstreamwatcher implements a controller which watches LDAPIdentityProviders.
controller/supervisorconfig/oidcupstreamwatcher
Package oidcupstreamwatcher implements a controller which watches OIDCIdentityProviders.
controllermanager
Package controllermanager provides an entrypoint into running all of the controllers that run as a part of Pinniped.
crypto/fips
Package fips can be imported to enable fipsonly tls mode when compiling with fips_strict.
downward
Package downward implements a client interface for interacting with Kubernetes "downwardAPI" volumes.
dynamiccert
Package dynamiccert provides a simple way of communicating a dynamically updating PEM-encoded certificate and key.
endpointaddr
Package endpointaddr implements parsing and validation of "<host>[:<port>]" strings for Pinniped APIs.
execcredcache
Package execcredcache implements a cache for Kubernetes ExecCredential data.
federationdomain/clientregistry
Package clientregistry defines Pinniped's OAuth2/OIDC clients.
federationdomain/csp
Package csp defines helpers related to HTML Content Security Policies.
federationdomain/downstreamsession
Package downstreamsession provides some shared helpers for creating downstream OIDC sessions.
federationdomain/dynamiccodec
Package dynamiccodec provides a type that can encode information using a just-in-time signing and (optionally) encryption secret.
federationdomain/endpoints/auth
Package auth provides a handler for the OIDC authorization endpoint.
federationdomain/endpoints/callback
Package callback provides a handler for the OIDC callback endpoint.
federationdomain/endpoints/discovery
Package discovery provides a handler for the OIDC discovery endpoint.
federationdomain/endpoints/idpdiscovery
Package idpdiscovery provides a handler for the upstream IDP discovery endpoint.
federationdomain/endpoints/jwks
Package discovery provides a handler for the OIDC discovery endpoint.
federationdomain/endpoints/login/loginhtml
Package loginhtml defines HTML templates used by the Supervisor.
federationdomain/endpoints/token
Package token provides a handler for the OIDC token endpoint.
federationdomain/formposthtml
Package formposthtml defines HTML templates used by the Supervisor.
federationdomain/oidc
Package oidc contains common OIDC functionality needed by FederationDomains to implement downstream OIDC functionality.
httputil/httperr
Package httperr contains some helpers for nicer error handling in http.Handler implementations.
httputil/securityheader
Package securityheader implements an HTTP middleware for setting security-related response headers.
idtransform
Package idtransform defines upstream-to-downstream identity transformations which could be implemented using various approaches or languages.
localuserauthenticator
Package localuserauthenticator provides an authentication webhook program.
mocks/mockcachevalue
Package mockcachevalue is a generated GoMock package.
mocks/mockcredentialrequest
Package mockcredentialrequest is a generated GoMock package.
mocks/mockgithubclient
Package mockgithubclient is a generated GoMock package.
mocks/mockissuer
Package mockissuer is a generated GoMock package.
mocks/mockkeyset
Package mockkeyset is a generated GoMock package.
mocks/mockkubecertagent
Package mocks is a generated GoMock package.
mocks/mockldapconn
Package mockldapconn is a generated GoMock package.
mocks/mockoidcclientoptions
Package mockoidcclientoptions is a generated GoMock package.
mocks/mocksecrethelper
Package mocksecrethelper is a generated GoMock package.
mocks/mockupstreamoidcidentityprovider
Package mockupstreamoidcidentityprovider is a generated GoMock package.
plog
Package plog implements a thin layer over logr to help enforce Pinniped's logging convention.
registry/clientsecretrequest
Package clientsecretrequest provides REST functionality for the CredentialRequest resource.
registry/credentialrequest
Package credentialrequest provides REST functionality for the CredentialRequest resource.
supervisor/scheme
Package scheme contains code to construct a proper runtime.Scheme for the Supervisor aggregated API.
supervisor/server
Package server defines the entrypoint for the Pinniped Supervisor server.
testutil
Package testutil contains shared test utilities for the Pinniped project.
testutil/fakekubeapi
Package fakekubeapi contains a *very* simple httptest.Server that can be used to stand in for a real Kube API server in tests.
testutil/testlogger
Package testlogger wraps logr.Logger to allow for writing test assertions.
upstreamgithub
Package upstreamgithub implements an abstraction of upstream GitHub provider interactions.
upstreamldap
Package upstreamldap implements an abstraction of upstream LDAP IDP interactions.
upstreamoidc
Package upstreamoidc implements an abstraction of upstream OIDC provider interactions.
pkg
conciergeclient
Package conciergeclient provides login helpers for the Pinniped concierge.
oidcclient
Package oidcclient implements a CLI OIDC login flow.
oidcclient/filesession
Package filesession implements the file format for session caches.
oidcclient/nonce
Package nonce implements helpers for OIDC nonce parameter handling.
oidcclient/oidctypes
Package oidctypes provides core data types for OIDC token structures.
test
testlib/browsertest
Package browsertest provides integration test helpers for our browser-based tests.