Entry ID Prefix #287
Merged
Entry ID Prefix #287
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Kevin Fox <[email protected]>
kfox1111
requested review from
marcofranssen,
dfeldman,
faisal-memon and
mrsabath
as code owners
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: kfox1111 <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
…ts-hardened into entry-id-prefix
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: kfox1111 <[email protected]>
Signed-off-by: kfox1111 <[email protected]>
|
Merging this into the external-controller-manager pr. |
faisal-memon
added a commit
that referenced
this pull request
May 2, 2024
* Complete Server K8S PSAT support Add all the SPIRE Server supported options for the K8S PSAT attestor. This retains the ease of use for configuring local cluster support while adding the ability to configure multiple/external clusters as well. Kubeconfig support is added in its own config block as it will be used/shared with spire-controller-manager support in the future. Signed-off-by: Kevin Fox <[email protected]> * Fix merge conflict Signed-off-by: Kevin Fox <[email protected]> * Add support for integration tests in the tests/integration dir Signed-off-by: Kevin Fox <[email protected]> * Fix split issue and typo Signed-off-by: Kevin Fox <[email protected]> * Add basic psat test Signed-off-by: Kevin Fox <[email protected]> * Fix linter Signed-off-by: Kevin Fox <[email protected]> * Fix up test Signed-off-by: Kevin Fox <[email protected]> * Add missing file Signed-off-by: Kevin Fox <[email protected]> * Better encode config Signed-off-by: Kevin Fox <[email protected]> * Update charts/spire/charts/spire-server/values.yaml Co-authored-by: Faisal Memon <[email protected]> Signed-off-by: kfox1111 <[email protected]> * Update docs Signed-off-by: Kevin Fox <[email protected]> * Apply suggestions from code review Co-authored-by: Faisal Memon <[email protected]> Signed-off-by: kfox1111 <[email protected]> * Fix docs Signed-off-by: Kevin Fox <[email protected]> * Update charts/spire/charts/spire-server/values.yaml Co-authored-by: Faisal Memon <[email protected]> Signed-off-by: kfox1111 <[email protected]> * Fix docs Signed-off-by: Kevin Fox <[email protected]> * Add external k8s bundler Adds support to sync the CA bundle to configmaps in external Kubernetes clusters Signed-off-by: Kevin Fox <[email protected]> * Update default Signed-off-by: Kevin Fox <[email protected]> * Fix config file layout. Incorperate feedback. Signed-off-by: Kevin Fox <[email protected]> * Incorperate feedback Signed-off-by: Kevin Fox <[email protected]> * Update based on parent pr feedback Signed-off-by: Kevin Fox <[email protected]> * Reformat config file Signed-off-by: Kevin Fox <[email protected]> * Fix some things Signed-off-by: Kevin Fox <[email protected]> * Reconfigure kind Signed-off-by: Kevin Fox <[email protected]> * More debugging Signed-off-by: Kevin Fox <[email protected]> * Fix up kind Signed-off-by: Kevin Fox <[email protected]> * Incorperate feedback Signed-off-by: Kevin Fox <[email protected]> * Add external spire-controller-managers Only one external controller manager is supported at a time until spiffe/spire#4898 is resolved. Signed-off-by: Kevin Fox <[email protected]> * Fix tests Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Upgrade to spire-controller-manager 0.5.0 Signed-off-by: Kevin Fox <[email protected]> * Update for released 0.5.0 Signed-off-by: Kevin Fox <[email protected]> * Merge in some of the id prefix pr Signed-off-by: Kevin Fox <[email protected]> * Entry ID Prefix (#287) * Add Entry ID Prefix support Signed-off-by: Kevin Fox <[email protected]> * Mulitcluster test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Implement cleanup setting too Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix docs Signed-off-by: Kevin Fox <[email protected]> * Bump up test container Signed-off-by: Kevin Fox <[email protected]> * Swith to testing with nightly Signed-off-by: Kevin Fox <[email protected]> * Fix value name Signed-off-by: Kevin Fox <[email protected]> * Fix docs Signed-off-by: Kevin Fox <[email protected]> --------- Signed-off-by: Kevin Fox <[email protected]> Signed-off-by: kfox1111 <[email protected]> * Fix up doc formatting Signed-off-by: Kevin Fox <[email protected]> * Fix merge conflict Signed-off-by: Kevin Fox <[email protected]> * Update charts/spire/charts/spire-server/values.yaml Co-authored-by: Faisal Memon <[email protected]> Signed-off-by: kfox1111 <[email protected]> --------- Signed-off-by: Kevin Fox <[email protected]> Signed-off-by: kfox1111 <[email protected]> Co-authored-by: Faisal Memon <[email protected]>
faisal-memon
added a commit
that referenced
this pull request
May 20, 2024
* Complete Server K8S PSAT support Add all the SPIRE Server supported options for the K8S PSAT attestor. This retains the ease of use for configuring local cluster support while adding the ability to configure multiple/external clusters as well. Kubeconfig support is added in its own config block as it will be used/shared with spire-controller-manager support in the future. Signed-off-by: Kevin Fox <[email protected]> * Fix merge conflict Signed-off-by: Kevin Fox <[email protected]> * Add support for integration tests in the tests/integration dir Signed-off-by: Kevin Fox <[email protected]> * Fix split issue and typo Signed-off-by: Kevin Fox <[email protected]> * Add basic psat test Signed-off-by: Kevin Fox <[email protected]> * Fix linter Signed-off-by: Kevin Fox <[email protected]> * Fix up test Signed-off-by: Kevin Fox <[email protected]> * Add missing file Signed-off-by: Kevin Fox <[email protected]> * Better encode config Signed-off-by: Kevin Fox <[email protected]> * Update charts/spire/charts/spire-server/values.yaml Co-authored-by: Faisal Memon <[email protected]> Signed-off-by: kfox1111 <[email protected]> * Update docs Signed-off-by: Kevin Fox <[email protected]> * Apply suggestions from code review Co-authored-by: Faisal Memon <[email protected]> Signed-off-by: kfox1111 <[email protected]> * Fix docs Signed-off-by: Kevin Fox <[email protected]> * Update charts/spire/charts/spire-server/values.yaml Co-authored-by: Faisal Memon <[email protected]> Signed-off-by: kfox1111 <[email protected]> * Fix docs Signed-off-by: Kevin Fox <[email protected]> * Add external k8s bundler Adds support to sync the CA bundle to configmaps in external Kubernetes clusters Signed-off-by: Kevin Fox <[email protected]> * Update default Signed-off-by: Kevin Fox <[email protected]> * Fix config file layout. Incorperate feedback. Signed-off-by: Kevin Fox <[email protected]> * Incorperate feedback Signed-off-by: Kevin Fox <[email protected]> * Update based on parent pr feedback Signed-off-by: Kevin Fox <[email protected]> * Reformat config file Signed-off-by: Kevin Fox <[email protected]> * Fix some things Signed-off-by: Kevin Fox <[email protected]> * Reconfigure kind Signed-off-by: Kevin Fox <[email protected]> * More debugging Signed-off-by: Kevin Fox <[email protected]> * Fix up kind Signed-off-by: Kevin Fox <[email protected]> * Incorperate feedback Signed-off-by: Kevin Fox <[email protected]> * Add external spire-controller-managers Only one external controller manager is supported at a time until spiffe/spire#4898 is resolved. Signed-off-by: Kevin Fox <[email protected]> * Fix tests Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Add Entry ID Prefix support Signed-off-by: Kevin Fox <[email protected]> * Mulitcluster test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Implement cleanup setting too Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Make spire-lib bits into its own library chart. Signed-off-by: Kevin Fox <[email protected]> * Add spire-nested chart Signed-off-by: Kevin Fox <[email protected]> * Fix docs Signed-off-by: Kevin Fox <[email protected]> * Fix tests Signed-off-by: Kevin Fox <[email protected]> * Fix lint issue Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Add missing file Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Add nameOverride option Signed-off-by: Kevin Fox <[email protected]> * Simplify upstream config. Reorder test for faster executation Signed-off-by: Kevin Fox <[email protected]> * Enable service account allow list to calculate namespace Signed-off-by: Kevin Fox <[email protected]> * Add identity type for child servers Signed-off-by: Kevin Fox <[email protected]> * Enable name override setting Signed-off-by: Kevin Fox <[email protected]> * Fix printing Signed-off-by: Kevin Fox <[email protected]> * Fix formatting Signed-off-by: Kevin Fox <[email protected]> * Fix name length issue Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Switch to non cluster-admin user Signed-off-by: Kevin Fox <[email protected]> * Test out adding roles Signed-off-by: Kevin Fox <[email protected]> * Namespace needs to exist Signed-off-by: Kevin Fox <[email protected]> * Remove tty Signed-off-by: Kevin Fox <[email protected]> * Fix name Signed-off-by: Kevin Fox <[email protected]> * Add missing role Signed-off-by: Kevin Fox <[email protected]> * Add kind=none to not require extra objects Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Remove unneeded code Signed-off-by: Kevin Fox <[email protected]> * Add security cluster example Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Dont preinstall crds for nested-security Signed-off-by: Kevin Fox <[email protected]> * Fix tests Signed-off-by: Kevin Fox <[email protected]> * Fix address Signed-off-by: Kevin Fox <[email protected]> * Update port Signed-off-by: Kevin Fox <[email protected]> * Update psat setting Signed-off-by: Kevin Fox <[email protected]> * Update psat setting Signed-off-by: Kevin Fox <[email protected]> * Fix tests Signed-off-by: Kevin Fox <[email protected]> * Fix tests Signed-off-by: Kevin Fox <[email protected]> * Remove older tests that newer tests cover Signed-off-by: Kevin Fox <[email protected]> * Fix docs Signed-off-by: Kevin Fox <[email protected]> * Fix kind logic Signed-off-by: Kevin Fox <[email protected]> * Fix docs Signed-off-by: Kevin Fox <[email protected]> * Seems unneeded. Try and remove Signed-off-by: Kevin Fox <[email protected]> * Update the default ports to be more user friendly Signed-off-by: Kevin Fox <[email protected]> * See if we can leave controller manager port alone Signed-off-by: Kevin Fox <[email protected]> * Change the agent default port too Signed-off-by: Kevin Fox <[email protected]> * Bump up test container Signed-off-by: Kevin Fox <[email protected]> * Swith to testing with nightly Signed-off-by: Kevin Fox <[email protected]> * Fix value name Signed-off-by: Kevin Fox <[email protected]> * Fix docs Signed-off-by: Kevin Fox <[email protected]> * Upgrade to spire-controller-manager 0.5.0 Signed-off-by: Kevin Fox <[email protected]> * Try to isolate config differences just to child cluster Signed-off-by: Kevin Fox <[email protected]> * Update for released 0.5.0 Signed-off-by: Kevin Fox <[email protected]> * Merge in some of the id prefix pr Signed-off-by: Kevin Fox <[email protected]> * Entry ID Prefix (#287) * Add Entry ID Prefix support Signed-off-by: Kevin Fox <[email protected]> * Mulitcluster test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Implement cleanup setting too Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix docs Signed-off-by: Kevin Fox <[email protected]> * Bump up test container Signed-off-by: Kevin Fox <[email protected]> * Swith to testing with nightly Signed-off-by: Kevin Fox <[email protected]> * Fix value name Signed-off-by: Kevin Fox <[email protected]> * Fix docs Signed-off-by: Kevin Fox <[email protected]> --------- Signed-off-by: Kevin Fox <[email protected]> Signed-off-by: kfox1111 <[email protected]> * Fix up doc formatting Signed-off-by: Kevin Fox <[email protected]> * Revert notes Signed-off-by: Kevin Fox <[email protected]> * Use tags for nested chart Signed-off-by: Kevin Fox <[email protected]> * Add missing tag Signed-off-by: Kevin Fox <[email protected]> * Fix docs Signed-off-by: Kevin Fox <[email protected]> * Fix test Signed-off-by: Kevin Fox <[email protected]> * Fix formatting Signed-off-by: Kevin Fox <[email protected]> * Fix class name Signed-off-by: Kevin Fox <[email protected]> * Fix docs Signed-off-by: Kevin Fox <[email protected]> * Fix merge conflict issue Signed-off-by: Kevin Fox <[email protected]> * Fix merge issue Signed-off-by: Kevin Fox <[email protected]> * Fix docs Signed-off-by: Kevin Fox <[email protected]> * Fix merge issue Signed-off-by: Kevin Fox <[email protected]> * Incorperate feedback. Switch setting to be externalServer. Signed-off-by: Kevin Fox <[email protected]> * Update nested chart to use new setting Signed-off-by: Kevin Fox <[email protected]> * Fix merge issue Signed-off-by: Kevin Fox <[email protected]> * Fix merge conflict Signed-off-by: Kevin Fox <[email protected]> * Fix merge conflict Signed-off-by: Kevin Fox <[email protected]> * Add docs about which sections are used with which tags Signed-off-by: Kevin Fox <[email protected]> * Update versions Signed-off-by: Kevin Fox <[email protected]> --------- Signed-off-by: Kevin Fox <[email protected]> Signed-off-by: kfox1111 <[email protected]> Co-authored-by: Faisal Memon <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This enables peaceful coexistence of multiple spire-controller-managers or other managers and manual entries in the same spire-server.
Related to: spiffe/spire-controller-manager#325