Skip to content

Commit

Permalink
Set CA name + disable kubelet validation in SPIRE
Browse files Browse the repository at this point in the history 
This sets a CN on the CA to be valid. It also disables the kubelet
validation by default as this breaks many installations such as on
kind.

Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>
  • Loading branch information
@meyskens
meyskens committed Apr 27, 2023
1 parent 2ec713e commit dbafe52
Show file tree
Hide file tree
Showing 4 changed files with 14 additions and 14 deletions.
10 changes: 5 additions & 5 deletions Documentation/helm-values.rst
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

10 changes: 5 additions & 5 deletions install/kubernetes/cilium/README.md
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions install/kubernetes/cilium/values.yaml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions install/kubernetes/cilium/values.yaml.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2669,7 +2669,7 @@ auth:
# -- SPIRE agent labels
labels: { }
# -- SPIRE Workload Attestor kubelet verification.
skipKubeletVerification: false
skipKubeletVerification: true
server:
# -- SPIRE server image
image: ghcr.io/spiffe/spire-server:1.5.1@sha256:4851ec8c71a8fbe230d87be78dfed0e908800c2342cf192289c7885bb2f7a870
Expand Down Expand Up @@ -2703,7 +2703,7 @@ auth:
subject:
country: "US"
organization: "SPIRE"
commonName: ""
commonName: "Cilium SPIRE CA"
# -- SPIRE server address
serverAddress: spire-server.cilium-spire.svc.cluster.local:8081
# -- SPIFFE trust domain to use for fetching certificates
Expand Down

0 comments on commit dbafe52

Please sign in to comment.