Getting Started with Pinniped

Pinniped is an authentication service for Kubernetes clusters. As a Kubernetes cluster administrator or user, you can learn how Pinniped works, see how to use it on your clusters, and dive into internals of Pinniped’s APIs and architecture.

Have a question, comment, or idea? Please reach out via GitHub Discussions or join the Pinniped community meetings.

Tutorials

• Learn to use the Pinniped Concierge

  See how the Pinniped Concierge works to provide a uniform login flow across different Kubernetes clusters.

• Learn to use the Pinniped Supervisor alongside the Concierge

  See how the Pinniped Supervisor streamlines login to multiple Kubernetes clusters.

How-to guides

• Install the Pinniped command-line tool

  Download and set up the pinniped command-line tool on macOS, Linux, or Windows clients.

• Install the Pinniped Concierge

  Install the Pinniped Concierge service in a Kubernetes cluster.

• Configure the Pinniped Concierge to validate JWT tokens

  Set up JSON Web Token (JWT) based token authentication on an individual Kubernetes cluster.

• Configure the Pinniped Concierge to validate webhook tokens

  Set up webhook-based token authentication on an individual Kubernetes cluster.

• Configure the Pinniped Concierge to validate JWT tokens issued by the Pinniped Supervisor

  Set up JSON Web Token (JWT) based token authentication on an individual Kubernetes cluster using the Pinniped Supervisor as the OIDC provider.

• Install the Pinniped Supervisor

  Install the Pinniped Supervisor service in a Kubernetes cluster.

• Configure the Pinniped Supervisor as an OIDC issuer

  Set up the Pinniped Supervisor to provide seamless login flows across multiple clusters.

• Configure the Pinniped Supervisor to use Dex with Github as an OIDC provider

  Set up the Pinniped Supervisor to use Dex login.

• Configure the Pinniped Supervisor to use Okta as an OIDC provider

  Set up the Pinniped Supervisor to use Okta login.

• Configure the Pinniped Supervisor to use GitLab as an OIDC provider

  Set up the Pinniped Supervisor to use GitLab login.

• Configure the Pinniped Supervisor to use OpenLDAP as an LDAP provider

  Set up the Pinniped Supervisor to use OpenLDAP login.

• Configure the Pinniped Supervisor to use Microsoft Active Directory as an ActiveDirectoryIdentityProvider

  Set up the Pinniped Supervisor to use Microsoft Active Directory

• Configure the Pinniped Supervisor to use JumpCloud as an LDAP provider

  Set up the Pinniped Supervisor to use JumpCloud LDAP

• Logging into your cluster using Pinniped

  Logging into your Kubernetes cluster using Pinniped for authentication.

Reference

• Active Directory Configuration

  See the default configuration values for the ActiveDirectoryIdentityProvider.

• Supported cluster types

  See the supported cluster types for the Pinniped Concierge.

• Command-Line Options Reference

  Reference for the pinniped command-line tool

• API Types

  Reference for the *.pinniped.dev Kubernetes API groups.

Background

• Architecture

  Dive into the overall design and implementation details of Pinniped.