Getting Started with Pinniped

Pinniped is an authentication service for Kubernetes clusters. As a Kubernetes cluster administrator or user, you can learn how Pinniped works, see how to use it on your clusters, and dive into internals of Pinniped’s APIs and architecture.

Have a question, comment, or idea? Please reach out via GitHub Discussions or join the Pinniped community meetings.

Tutorials

• Learn to use the Pinniped Concierge

  See how the Pinniped Concierge works to provide a uniform login flow across different Kubernetes clusters.

• Learn to use the Pinniped Supervisor alongside the Concierge

  See how the Pinniped Supervisor streamlines login to multiple Kubernetes clusters.

How-to guides

• Install the Pinniped command-line tool

  Download and set up the pinniped command-line tool on macOS, Linux, or Windows clients.

• Install the Pinniped Concierge

  Install the Pinniped Concierge service in a Kubernetes cluster.

• Configure the Pinniped Concierge to validate JWT tokens

  Set up JSON Web Token (JWT) based token authentication on an individual Kubernetes cluster.

• Configure the Pinniped Concierge to validate webhook tokens

  Set up webhook-based token authentication on an individual Kubernetes cluster.

• Install the Pinniped Supervisor

  Install the Pinniped Supervisor service in a Kubernetes cluster.

• Configure the Pinniped Supervisor as an OIDC issuer

  Set up the Pinniped Supervisor to provide seamless login flows across multiple clusters.

• Configure the Pinniped Supervisor to use GitLab as an OIDC Provider

  Set up the Pinniped Supervisor to use GitLab login.

Reference

• Supported cluster types

  See the supported cluster types for the Pinniped Concierge.

• Command-Line Options Reference

  Reference for the pinniped command-line tool

• API Types

  Reference for the *.pinniped.dev Kubernetes API groups.

Background

• Architecture

  Dive into the overall design and implementation details of Pinniped.