- The Pinniped supervisor now loads additional OIDC claims by calling the UserInfo endpoint during the authorization flow. This enables support for passing custom claims such as groups on a wider range of upstream identity providers.
Improved documentation for both the concierge and supervisor.
Added filtering to supervisor controllers to improve performance and reduce CPU overhead and log noise.
More consistently set owner references on all Kubernetes resources created by Pinniped.
blockOwnerDeletion: trueon resources created by Pinniped.
Normalize the type of the
groupsclaim in ID tokens issued by the supervisor.
The claim will now always be a list of strings, which may be empty if the upstream identity provider did not provide a groups claim.
Fixed some intermittent integration test flakes.
Upgraded Kubernetes library components to v1.20.1.
A complete list of changes (74 commits, 247 changed files with 14,880 additions and 1,410 deletions!) can be found here.