Comments (10)
rpiceage
commented on September 25, 2024
1
@edwarnicke It seems that the k8s-workload-registrar image provided by Spire works for us, so there is no need for the former nsm-spire functionality at the moment.
Thanks for the support, I think we can close this issue.
from deployments-k8s.
denis-tingaikin
commented on September 25, 2024
Currently, we do not plan to add automatization for spire registration. I feel this may be scheduled in the future.
@edwarnicke , @fkautz Could you share thoughts about this?
from deployments-k8s.
edwarnicke
commented on September 25, 2024
@rpiceage Could you provide more specific detail around your needs in this regard. It may make more sense for us to contribute upstream to spire.
from deployments-k8s.
rpiceage
commented on September 25, 2024
@edwarnicke The aim is to be able to ship the config together with the other stuff, so we want to avoid additional config steps through the spire server CLI after deployment. The nsm-spire sidecar is exactly doing this together with the config file called registration.json which contains the necessary entries for spire.
In fact yesterday I managed to reuse that old image, so it works now temporarily for us. So my question is whether there will be some equivalent in your newer repos, or will it be maintained so that we can use it long term?
from deployments-k8s.
edwarnicke
commented on September 25, 2024
@rpiceage Got it. So it sounds like something that would let you ship a CRD for config (ie, just another part of the yaml) would meet your needs. Its more a declarative vs imperative thing than anything.
I've kicked off a conversation on the spire slack here. Would be good to get more voices there :)
from deployments-k8s.
edwarnicke
commented on September 25, 2024
@rpiceage Question: if the existing spire-server containers could have identities updated via ConfigMaps updating config files for that container... would it get you where you need to go?
from deployments-k8s.
rpiceage
commented on September 25, 2024
@edwarnicke As I understand, the config file for the spire server could not contain the entries needed to be injected as our configuration.
On the other hand the CRD solution would be OK. Also I will have a go at the spire k8s-workload-registrar, maybe it can solve the problem.
from deployments-k8s.
edwarnicke
commented on September 25, 2024
@rpiceage Excellent news!
from deployments-k8s.
denis-tingaikin
commented on September 25, 2024
it sounds like we can simplify a bit our examples if we'll use k8s-workload-registrar. @edwarnicke Do we need to update our examples and use k8s-workload-registrar?
from deployments-k8s.
edwarnicke
commented on September 25, 2024
@denis-tingaikin Lets look into it :)
from deployments-k8s.
Related Issues (20)
- Output of nsm_istio test is unstable
- Github Actions event workflow_run has bugs
- 【help】Does NSM support loop chain? HOT 5
- Update opentelemtry to latest version and fix all found issues HOT 2
- [help]question about nsm support sriov HOT 3
- which example is using VM as NSC or NSE? HOT 2
- Custom interface and IP address for the client request HOT 14
- if NSM supports kubevirt VMs as part of chaining in K8S? Do NSM have similar test cases? HOT 1
- Missed nsm interface in the vL3 client's POD HOT 4
- Do we plan to run remote vlan examples on CI? HOT 4
- NSC, Error from monitorConnection, RPC error code: PermissionDenied, Desc: no sufficient privileges HOT 9
- External VPP Issue HOT 13
- 【help】how to setup a NSM chain all with kernel port? HOT 1
- CVEs in NSM dependencies HOT 3
- if nsm has plans to use k8s CNI to communicate? Because some pods function is bound with k8s cni. If they don't use k8s cni, they can't realize their function HOT 1
- Cmd-nsc cannot start after using incorrect annotations
- VFIO tests are not stable
- Having issue while trying nse-composition example (using NSM v1.5.0 and Kind version 0.14.0) HOT 20
- Add template for deployments-k8s
- `for loop` in bash commands can return false positive results HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from deployments-k8s.