Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Helm chart: broken spire setup #28599

Closed
2 tasks done
rauanmayemir opened this issue Oct 15, 2023 · 3 comments · Fixed by #28610
Closed
2 tasks done

Helm chart: broken spire setup #28599

rauanmayemir opened this issue Oct 15, 2023 · 3 comments · Fixed by #28610
Assignees
@sayboras
Labels
kind/bug This is a bug in the Cilium logic. kind/community-report This was reported by a user in the Cilium community, eg via Slack. needs/triage This issue requires triaging to establish severity and next steps.

Comments

@rauanmayemir
Copy link
Contributor

Is there an existing issue for this?

  • I have searched the existing issues

What happened?

authentication:
  enabled: true
  mutual:
    spire:
      enabled: true
      install:
        enabled: true
        agent:
          labels:
            k8s-app: cilium-spire-agent
        server:
          labels:
            k8s-app: cilium-spire-server

Setting labels as above will break the helm install with:

Error: YAML parse error on cilium/templates/spire/agent/daemonset.yaml: error converting YAML to JSON: yaml: line 8: mapping values are not allowed in this context

Cilium Version

1.14.2

Kernel Version

Kubernetes Version

Sysdump

No response

Relevant log output

No response

Anything else?

Not setting labels will allow helm install to happen.

Code of Conduct

  • I agree to follow this project's Code of Conduct
@rauanmayemir rauanmayemir added kind/bug This is a bug in the Cilium logic. kind/community-report This was reported by a user in the Cilium community, eg via Slack. needs/triage This issue requires triaging to establish severity and next steps. labels Oct 15, 2023
@sayboras sayboras self-assigned this Oct 16, 2023
sayboras added a commit that referenced this issue Oct 16, 2023
@sayboras
helm: Correct spire labels indentation
5b80406 
Fixes: #28599
@sayboras sayboras mentioned this issue Oct 16, 2023
Merged
sayboras added a commit that referenced this issue Oct 16, 2023
@sayboras
helm: Correct spire labels indentation
07d0c72 
Fixes: #28599
Signed-off-by: Tam Mach <tam.mach@cilium.io>
sayboras added a commit that referenced this issue Oct 16, 2023
@sayboras
helm: Correct spire labels indentation
ad449fe 
Additionally, the labels are propagated to pod level as well.

Fixes: #28599
Signed-off-by: Tam Mach <tam.mach@cilium.io>
sayboras added a commit that referenced this issue Oct 16, 2023
@sayboras
helm: Correct spire labels indentation
fe6cfde 
Additionally, the labels are propagated to pod level as well.

Fixes: #28599
Signed-off-by: Tam Mach <tam.mach@cilium.io>
@rauanmayemir
Copy link
Contributor Author

@sayboras I'm not sure if it should be filed separately, but there's also an issue with not being able to use my own spire-server instance and setting it up via helm. You can either install both agent and server, or none of them.

joestringer pushed a commit that referenced this issue Oct 18, 2023
@sayboras @joestringer
helm: Correct spire labels indentation
55b3bb3 
Additionally, the labels are propagated to pod level as well.

Fixes: #28599
Signed-off-by: Tam Mach <tam.mach@cilium.io>
@sayboras
Copy link
Member

I'm not sure if it should be filed separately, but there's also an issue with not being able to use my own spire-server instance and setting it up via helm. You can either install both agent and server, or none of them.

Sadly, we don't have such support right now. I am not sure how common this use case is. The best thing we can do is to file another issue, and see if other community users are having a same requirement.

@rauanmayemir
Copy link
Contributor Author

I guess I misunderstood this docs section:

The Cilium Helm chart includes an option to deploy SPIRE server for mutual authentication. You may also deploy your own SPIRE server and configure Cilium to use it.

I'm fine with doing it manually.

tklauser pushed a commit to tklauser/cilium that referenced this issue Oct 24, 2023
@sayboras @tklauser
helm: Correct spire labels indentation
03e37b0 
[ upstream commit 55b3bb3 ]

Additionally, the labels are propagated to pod level as well.

Fixes: cilium#28599
Signed-off-by: Tam Mach <tam.mach@cilium.io>
Signed-off-by: Tobias Klauser <tobias@cilium.io>
dylandreimerink pushed a commit that referenced this issue Oct 25, 2023
@sayboras @dylandreimerink
helm: Correct spire labels indentation
82a7933 
[ upstream commit 55b3bb3 ]

Additionally, the labels are propagated to pod level as well.

Fixes: #28599
Signed-off-by: Tam Mach <tam.mach@cilium.io>
Signed-off-by: Tobias Klauser <tobias@cilium.io>
sayboras added a commit that referenced this issue Nov 25, 2023
@sayboras @tklauser
helm: Correct spire labels indentation
a32cdfd 
[ upstream commit 55b3bb3 ]

Additionally, the labels are propagated to pod level as well.

Fixes: #28599
Signed-off-by: Tam Mach <tam.mach@cilium.io>
Signed-off-by: Tobias Klauser <tobias@cilium.io>
Signed-off-by: Tobias Klauser <tobias@isovalent.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sayboras sayboras

Labels
kind/bug This is a bug in the Cilium logic. kind/community-report This was reported by a user in the Cilium community, eg via Slack. needs/triage This issue requires triaging to establish severity and next steps.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

helm: Correct spire labels indentation cilium/cilium
2 participants
@rauanmayemir @sayboras