[bitnami/pinniped] ⬆️ Update dependency references (#35403)

* [bitnami/pinniped] Release 2.4.21 updating components versions

Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com>

* Update CRDs automatically

Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com>

---------

Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com>
This commit is contained in:
Bitnami Bot
2025-08-05 00:26:24 +02:00
committed by GitHub
parent 9493f30c02
commit af2a18fde8
12 changed files with 246 additions and 25 deletions

View File

@@ -1,8 +1,12 @@
# Changelog
## 2.4.20 (2025-07-09)
## 2.4.21 (2025-08-04)
* [bitnami/pinniped] :zap: :arrow_up: Update dependency references ([#34934](https://github.com/bitnami/charts/pull/34934))
* [bitnami/pinniped] :zap: :arrow_up: Update dependency references ([#35403](https://github.com/bitnami/charts/pull/35403))
## <small>2.4.20 (2025-07-09)</small>
* [bitnami/pinniped] :zap: :arrow_up: Update dependency references (#34934) ([e887bcc](https://github.com/bitnami/charts/commit/e887bcc79728767e7df24f998b461d641f54a40a)), closes [#34934](https://github.com/bitnami/charts/issues/34934)
## <small>2.4.19 (2025-06-13)</small>
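Review bot: the generated 2.4.21 entry describes the change only as "Update dependency references", while this PR also moves appVersion from 0.39.0 to 0.40.0 and pulls in a JWTAuthenticator CRD whose spec grows from a few claim-name fields to a CEL-based mapping surface (claimValidationRules, claims.extra, groupsExpression, usernameExpression, userValidationRules). An operator reading the changelog cannot distinguish a Pinniped minor upgrade with new API fields from a rebuild of the same image; a line such as `* [bitnami/pinniped] Update Pinniped to 0.40.0 (new JWTAuthenticator CRD fields)` next to the generated entry would make the upgrade visible. Minor style point: the 2.4.21 heading and entry lack the `<small>` wrapper and commit reference that the 2.4.20 and 2.4.19 entries carry, so the block will need normalising when the release is cut.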

View File

@@ -5,11 +5,11 @@ annotations:
category: Infrastructure
images: |
- name: pinniped
image: docker.io/bitnami/pinniped:0.39.0-debian-12-r3
image: docker.io/bitnami/pinniped:0.40.0-debian-12-r0
licenses: Apache-2.0
tanzuCategory: clusterUtility
apiVersion: v2
appVersion: 0.39.0
appVersion: 0.40.0
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
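Review bot: appVersion moves from 0.39.0 to 0.40.0, an upstream minor release that (per the CRD hunk in this same PR) adds new optional fields to the JWTAuthenticator API, yet the chart version only takes a patch bump to 2.4.21 in the next hunk. A patch bump reads as a drop-in image refresh; if this chart follows semver for changes to the bundled CRD definitions, a minor bump (2.5.0) would better flag that the CRD schema shipped with the chart has changed and that users should review the new fields.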
@@ -30,4 +30,4 @@ maintainers:
name: pinniped
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/pinniped
version: 2.4.20
version: 2.4.21

View File

@@ -1,5 +1,5 @@
# Source: https://raw.githubusercontent.com/vmware-tanzu/pinniped/v{version}/deploy/concierge/authentication.concierge.pinniped.dev_jwtauthenticators.yaml
# Version: 0.39.0
# Version: 0.40.0
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
@@ -60,37 +60,219 @@ spec:
metadata:
type: object
spec:
description: Spec for configuring the authenticator.
description: spec for configuring the authenticator.
properties:
audience:
description: Audience is the required value of the "aud" JWT claim.
description: audience is the required value of the "aud" JWT claim.
minLength: 1
type: string
claimValidationRules:
description: |-
claimValidationRules are rules that are applied to validate token claims to authenticate users.
This is similar to claimValidationRules from Kubernetes AuthenticationConfiguration as documented in
https://kubernetes.io/docs/reference/access-authn-authz/authentication.
This is an advanced configuration option. During an end-user login flow, mistakes in this
configuration will cause the user's login to fail.
items:
description: ClaimValidationRule provides the configuration for
a single claim validation rule.
properties:
claim:
description: |-
claim is the name of a required claim.
Only string claim keys are supported.
Mutually exclusive with expression and message.
type: string
expression:
description: |-
expression represents the expression which will be evaluated by CEL.
Must produce a boolean.
CEL expressions have access to the contents of the token claims, organized into CEL variable:
- 'claims' is a map of claim names to claim values.
For example, a variable named 'sub' can be accessed as 'claims.sub'.
Nested claims can be accessed using dot notation, e.g. 'claims.foo.bar'.
Must return true for the validation to pass.
Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
Mutually exclusive with claim and requiredValue.
type: string
message:
description: |-
message customizes the returned error message when expression returns false.
message is a literal string.
Mutually exclusive with claim and requiredValue.
type: string
requiredValue:
description: |-
requiredValue is the value of a required claim.
Only string claim values are supported.
If claim is set and requiredValue is not set, the claim must be present with a value set to the empty string.
Mutually exclusive with expression and message.
type: string
type: object
type: array
claims:
description: |-
Claims allows customization of the claims that will be mapped to user identity
claims allows customization of the claims that will be mapped to user identity
for Kubernetes access.
properties:
extra:
description: |-
extra is similar to claimMappings.extra from Kubernetes AuthenticationConfiguration
as documented in https://kubernetes.io/docs/reference/access-authn-authz/authentication.
However, note that the Pinniped Concierge issues client certificates to users for the purpose
of authenticating, and the Kubernetes API server does not have any mechanism for transmitting
auth extras via client certificates. When configured, these extras will appear in client
certificates issued by the Pinniped Supervisor in the x509 Subject field as Organizational
Units (OU). However, when this client certificate is presented to Kubernetes for authentication,
Kubernetes will ignore these extras. This is probably only useful if you are using a custom
authenticating proxy in front of your Kubernetes API server which can translate these OUs into
auth extras, as described by
https://kubernetes.io/docs/reference/access-authn-authz/authentication/#authenticating-proxy.
This is an advanced configuration option. During an end-user login flow, each of these CEL expressions
must evaluate to either a string or an array of strings, or else the user's login will fail.
These keys must be a domain-prefixed path (such as "acme.io/foo") and must not contain an equals sign ("=").
expression must produce a string or string array value.
If the value is empty, the extra mapping will not be present.
Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
hard-coded extra key/value
- key: "acme.io/foo"
valueExpression: "'bar'"
This will result in an extra attribute - acme.io/foo: ["bar"]
hard-coded key, value copying claim value
- key: "acme.io/foo"
valueExpression: "claims.some_claim"
This will result in an extra attribute - acme.io/foo: [value of some_claim]
hard-coded key, value derived from claim value
- key: "acme.io/admin"
valueExpression: '(has(claims.is_admin) && claims.is_admin) ? "true":""'
This will result in:
- if is_admin claim is present and true, extra attribute - acme.io/admin: ["true"]
- if is_admin claim is present and false or is_admin claim is not present, no extra attribute will be added
items:
description: ExtraMapping provides the configuration for a single
extra mapping.
properties:
key:
description: |-
key is a string to use as the extra attribute key.
key must be a domain-prefix path (e.g. example.org/foo). All characters before the first "/" must be a valid
subdomain as defined by RFC 1123. All characters trailing the first "/" must
be valid HTTP Path characters as defined by RFC 3986.
key must be lowercase.
Required to be unique.
Additionally, the key must not contain an equals sign ("=").
type: string
valueExpression:
description: |-
valueExpression is a CEL expression to extract extra attribute value.
valueExpression must produce a string or string array value.
"", [], and null values are treated as the extra mapping not being present.
Empty string values contained within a string array are filtered out.
CEL expressions have access to the contents of the token claims, organized into CEL variable:
- 'claims' is a map of claim names to claim values.
For example, a variable named 'sub' can be accessed as 'claims.sub'.
Nested claims can be accessed using dot notation, e.g. 'claims.foo.bar'.
Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
type: string
required:
- key
- valueExpression
type: object
type: array
groups:
description: |-
Groups is the name of the claim which should be read to extract the user's
group membership from the JWT token. When not specified, it will default to "groups".
groups is the name of the claim which should be read to extract the user's
group membership from the JWT token. When not specified, it will default to "groups",
unless groupsExpression is specified.
Mutually exclusive with groupsExpression. Use either groups or groupsExpression to
determine the user's group membership from the JWT token.
type: string
groupsExpression:
description: |-
groupsExpression represents an expression which will be evaluated by CEL.
The expression's result will become the user's group memberships.
groupsExpression is similar to claimMappings.groups.expression from Kubernetes AuthenticationConfiguration
as documented in https://kubernetes.io/docs/reference/access-authn-authz/authentication.
This is an advanced configuration option. During an end-user login flow, each of these CEL expressions
must evaluate to one of the expected types without errors, or else the user's login will fail.
Additionally, mistakes in this configuration can cause the users to have unintended group memberships.
The expression must produce a string or string array value.
"", [], and null values are treated as the group mapping not being present.
CEL expressions have access to the contents of the token claims, organized into CEL variable:
- 'claims' is a map of claim names to claim values.
For example, a variable named 'sub' can be accessed as 'claims.sub'.
Nested claims can be accessed using dot notation, e.g. 'claims.foo.bar'.
Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
Mutually exclusive with groups. Use either groups or groupsExpression to
determine the user's group membership from the JWT token.
type: string
username:
description: |-
Username is the name of the claim which should be read to extract the
username from the JWT token. When not specified, it will default to "username".
username is the name of the claim which should be read to extract the
username from the JWT token. When not specified, it will default to "username",
unless usernameExpression is specified.
Mutually exclusive with usernameExpression. Use either username or usernameExpression to
determine the user's username from the JWT token.
type: string
usernameExpression:
description: |-
usernameExpression represents an expression which will be evaluated by CEL.
The expression's result will become the user's username.
usernameExpression is similar to claimMappings.username.expression from Kubernetes AuthenticationConfiguration
as documented in https://kubernetes.io/docs/reference/access-authn-authz/authentication.
This is an advanced configuration option. During an end-user login flow, each of these CEL expressions
must evaluate to the expected type without errors, or else the user's login will fail.
Additionally, mistakes in this configuration can cause the users to have unintended usernames.
The expression must produce a non-empty string value.
If the expression uses 'claims.email', then 'claims.email_verified' must be used in
the expression or extra[*].valueExpression or claimValidationRules[*].expression.
An example claim validation rule expression that matches the validation automatically
applied when username.claim is set to 'email' is 'claims.?email_verified.orValue(true) == true'.
By explicitly comparing the value to true, we let type-checking see the result will be a boolean,
and to make sure a non-boolean email_verified claim will be caught at runtime.
CEL expressions have access to the contents of the token claims, organized into CEL variable:
- 'claims' is a map of claim names to claim values.
For example, a variable named 'sub' can be accessed as 'claims.sub'.
Nested claims can be accessed using dot notation, e.g. 'claims.foo.bar'.
Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
Mutually exclusive with username. Use either username or usernameExpression to
determine the user's username from the JWT token.
type: string
type: object
issuer:
description: |-
Issuer is the OIDC issuer URL that will be used to discover public signing keys. Issuer is
issuer is the OIDC issuer URL that will be used to discover public signing keys. Issuer is
also used to validate the "iss" JWT claim.
minLength: 1
pattern: ^https://
type: string
tls:
description: TLS configuration for communicating with the OIDC provider.
description: tls is the configuration for communicating with the OIDC
provider via TLS.
properties:
certificateAuthorityData:
description: X.509 Certificate Authority (base64-encoded PEM bundle).
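Review bot: nothing in this PR documents the new JWTAuthenticator fields for chart users, and several of them change the trust model in ways the descriptions themselves flag: a mistake in claimValidationRules, groupsExpression or usernameExpression fails every login, and a wrong groupsExpression can give users "unintended group memberships". Note also that the mutual-exclusion constraints (username vs usernameExpression, groups vs groupsExpression, claim/requiredValue vs expression/message) appear only in description text; no `x-kubernetes-validations` rule is visible in this hunk, so a manifest that sets both sides passes schema validation and any enforcement has to happen in the controller rather than at admission. Since this file is synced from upstream and should not be hand-edited, the chart README or a values comment is the place to point operators at the email_verified requirement for usernameExpression (`claims.?email_verified.orValue(true) == true` is the example the description gives) and at the fact that claims.extra values are emitted into certificate OUs and ignored by the Kubernetes API server unless an authenticating proxy translates them.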
@@ -130,12 +312,47 @@ spec:
- name
type: object
type: object
userValidationRules:
description: |-
userValidationRules are rules that are applied to final user before completing authentication.
These allow invariants to be applied to incoming identities such as preventing the
use of the system: prefix that is commonly used by Kubernetes components.
The validation rules are logically ANDed together and must all return true for the validation to pass.
This is similar to claimValidationRules from Kubernetes AuthenticationConfiguration as documented in
https://kubernetes.io/docs/reference/access-authn-authz/authentication.
This is an advanced configuration option. During an end-user login flow, mistakes in this
configuration will cause the user's login to fail.
items:
description: UserValidationRule provides the configuration for a
single user info validation rule.
properties:
expression:
description: |-
expression represents the expression which will be evaluated by CEL.
Must return true for the validation to pass.
CEL expressions have access to the contents of UserInfo, organized into CEL variable:
- 'user' - authentication.k8s.io/v1, Kind=UserInfo object
Refer to https://github.com/kubernetes/api/blob/release-1.28/authentication/v1/types.go#L105-L122 for the definition.
API documentation: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#userinfo-v1-authentication-k8s-io
Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
type: string
message:
description: |-
message customizes the returned error message when rule returns false.
message is a literal string.
type: string
required:
- expression
type: object
type: array
required:
- audience
- issuer
type: object
status:
description: Status of the authenticator.
description: status of the authenticator.
properties:
conditions:
description: Represents the observations of the authenticator's current
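Review bot: userValidationRules is opt-in: the description presents the system: prefix guard only as an example of what the rules "allow", so a JWTAuthenticator with no rule maps whatever username the mapping produces, including names in the system: namespace. With usernameExpression now accepting free-form CEL, the username is no longer constrained to a single claim, so a values comment or README example with a baseline rule such as `expression: "!user.username.startsWith('system:')"` would be worth adding for chart users. Minor: the UserInfo references pin Kubernetes 1.28 docs (release-1.28/types.go and the v1.28 API reference); they come from upstream and are not actionable in this sync, but they will age.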

View File

@@ -1,5 +1,5 @@
# Source: https://raw.githubusercontent.com/vmware-tanzu/pinniped/v{version}/deploy/concierge/authentication.concierge.pinniped.dev_webhookauthenticators.yaml
# Version: 0.39.0
# Version: 0.40.0
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition

View File

@@ -1,5 +1,5 @@
# Source: https://raw.githubusercontent.com/vmware-tanzu/pinniped/v{version}/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml
# Version: 0.39.0
# Version: 0.40.0
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition

View File

@@ -1,5 +1,5 @@
# Source: https://raw.githubusercontent.com/vmware-tanzu/pinniped/v{version}/deploy/supervisor/config.supervisor.pinniped.dev_federationdomains.yaml
# Version: 0.39.0
# Version: 0.40.0
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition

View File

@@ -1,5 +1,5 @@
# Source: https://raw.githubusercontent.com/vmware-tanzu/pinniped/v{version}/deploy/supervisor/config.supervisor.pinniped.dev_oidcclients.yaml
# Version: 0.39.0
# Version: 0.40.0
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition

View File

@@ -1,5 +1,5 @@
# Source: https://raw.githubusercontent.com/vmware-tanzu/pinniped/v{version}/deploy/supervisor/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml
# Version: 0.39.0
# Version: 0.40.0
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition

View File

@@ -1,5 +1,5 @@
# Source: https://raw.githubusercontent.com/vmware-tanzu/pinniped/v{version}/deploy/supervisor/idp.supervisor.pinniped.dev_githubidentityproviders.yaml
# Version: 0.39.0
# Version: 0.40.0
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition

View File

@@ -1,5 +1,5 @@
# Source: https://raw.githubusercontent.com/vmware-tanzu/pinniped/v{version}/deploy/supervisor/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml
# Version: 0.39.0
# Version: 0.40.0
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition

View File

@@ -1,5 +1,5 @@
# Source: https://raw.githubusercontent.com/vmware-tanzu/pinniped/v{version}/deploy/supervisor/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml
# Version: 0.39.0
# Version: 0.40.0
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition

View File

@@ -74,7 +74,7 @@ extraDeploy: []
image:
registry: docker.io
repository: bitnami/pinniped
tag: 0.39.0-debian-12-r3
tag: 0.40.0-debian-12-r0
digest: ""
## Specify a imagePullPolicy
## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
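Review bot: the image is still pinned by mutable tag only (`tag: 0.40.0-debian-12-r0` with `digest: ""`), so a rebuild pushed under the same tag changes what the cluster runs without any change to this chart. For a component that issues cluster credentials, recording the immutable digest of the r0 build here, or at least documenting that operators should set `image.digest`, would tie the release to an exact artifact.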