Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use the credentialissuer in the pinniped docs #2763

Merged
merged 1 commit into from
May 6, 2021
Merged

Use the credentialissuer in the pinniped docs #2763

merged 1 commit into from
May 6, 2021

Conversation

antgamdia
Copy link
Contributor

Description of the change

As pointed out offline by the Pinniped folks, we should use the CredentialIssuer in our docs (instead of referring users to svc and secrets directly).

Benefits

Docs will no longer be coupled to a given svc and secret names and they will be more Pinniped-compliant.

Possible drawbacks

N/A

Applicable issues

N/A

Additional information

N/A

absoludity
absoludity approved these changes May 5, 2021
View reviewed changes
docs/user/using-an-OIDC-provider-with-pinniped.md
Comment on lines +91 to +100
Retrieving the Impersonation Proxy URL:

```bash
kubectl get credentialissuer -o json | jq -c '.items[].status.strategies[] | select( .type | contains("ImpersonationProxy")).frontend.impersonationProxyInfo.endpoint'
```

Then, retrieve the Impersonation Proxy CA cert by executing:
Retrieving the Impersonation Proxy CA:

```bash
kubectl get credentialissuer -o json | jq -c '.items[].status.strategies[] | select( .type | contains("ImpersonationProxy")).frontend.impersonationProxyInfo.certificateAuthorityData'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fine as is, just wondering whether it'd be better to just have one command to just query to return all the strategies so that the user has more context if something isn't as expected (like not enabled), and have them copy both fields from that output? See what you think, but fine as is.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mmm, I think users will just have to delete parts of the jq query. The whole output will be:

k get credentialissuer -o json | jq -c '.items[].status.strategies[] | select( .type | contains("ImpersonationProxy"))

{
    "frontend": {
        "impersonationProxyInfo": {
            "certificateAuthorityData": "redacted",
            "endpoint": "https://redacted"
        },
        "type": "ImpersonationProxy"
    },
    "lastUpdateTime": "2021-05-05T22:19:45Z",
    "message": "impersonation proxy is ready to accept client connections",
    "reason": "Listening",
    "status": "Success",
    "type": "ImpersonationProxy"
}

For users who just want to know what should they copy, I think it's ok as is. And, for those interested in the whole output, I'm sure they will figure it out.

@antgamdia antgamdia merged commit 56a1154 into vmware-tanzu:master May 6, 2021
@antgamdia antgamdia deleted the pinnipedDocsFix branch May 6, 2021 09:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@absoludity absoludity absoludity approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@antgamdia @absoludity