This repository has been archived by the owner on Mar 22, 2024. It is now read-only.

Change spire configmaps to yaml, rendered as json #113

Merged
merged 5 commits into from
Apr 17, 2023


marcofranssen
Contributor

@marcofranssen marcofranssen commented Mar 12, 2023

  • Change spire-server configmap to yaml rendered as JSON
  • Change spire-agent configmap to yaml rendered as JSON
  • Change spiffe-oidc-discovery-provider configmap to yaml rendered as JSON
  • Bump min required spire 1.6.x version for this chart

resolves #86

@kfox1111
Contributor

Here's one that works attached. seems to be maybe a slight formatting issue:

{
  "health_checks": {
    "bind_address": "0.0.0.0",
    "bind_port": "8080",
    "listener_enabled": true,
    "live_path": "/live",
    "ready_path": "/ready"
  },
  "plugins": {
    "DataStore": [
      {
        "sql": {
          "plugin_data": {
            "connection_string": "/run/spire/data/datastore.sqlite3",
            "database_type": "sqlite3"
          }
        }
      }
    ],
    "KeyManager": [
      {
        "disk": {
          "plugin_data": {
            "keys_path": "/run/spire/data/keys.json"
          }
        }
      }
    ],
    "NodeAttestor": [
      {
        "k8s_psat": {
          "plugin_data": {
            "clusters": {
              "example-cluster": {
                "service_account_allow_list": [
                  "default:spire-agent"
                ]
              }
            }
          }
        }
      }
    ],
    "Notifier": [
      {
        "k8sbundle": {
          "plugin_data": {
            "config_map": "spire-bundle",
            "namespace": "default"
          }
        }
      }
    ]
  },
  "server": {
    "bind_address": "0.0.0.0",
    "bind_port": "8081",
    "ca_key_type": "rsa-2048",
    "ca_subject": [
      {
        "common_name": "example.org",
        "country": [
          "NL"
        ],
        "organization": [
          "Example"
        ]
      }
    ],
    "data_dir": "/run/spire/data",
    "default_jwt_svid_ttl": "1h",
    "default_x509_svid_ttl": "1h",
    "jwt_issuer": "oidc-discovery.example.org",
    "log_level": "info",
    "trust_domain": "example.org"
  }
}

@kfox1111
Contributor

K. there were 3 things I needed to change to get it to start.

Put the array down one level. like:

-  - DataStore:
-      sql:
+    DataStore:
+    - sql:
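
Review bot: the `+` lines show the move for `DataStore` only. The working JSON posted earlier in the thread has `KeyManager`, `NodeAttestor` and `Notifier` as arrays as well, so the `-` has to move from the plugin type to the plugin name for each of them (`- disk:`, `- k8s_psat:`, `- k8sbundle:`); otherwise `plugins` still renders as a list of maps instead of a map of lists.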

Second, the service_account_allow_list array is already an array. so remove the - from it.

Third, there is a bug in 1.6.0 and 1.6.1 regarding json loading. It's fixed in trunk but not released yet: spiffe/spire#3939. For testing, can use the 1.5.4 version of the server.
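
A shape check for the rendered config, covering the first two points in the comment above. This is an added example, not code from the chart or from SPIRE: the function names are hypothetical, the expected shape is taken from the working JSON posted earlier in this thread, and both sample configs are constructed.

```python
import json

# Constructed sample in the failing shape described in the thread: the list
# marker sits on the plugin type and the allow list is nested one level deep.
BROKEN = json.loads("""{"plugins": [
  {"NodeAttestor": {"k8s_psat": {"plugin_data": {"clusters": {"example-cluster":
    {"service_account_allow_list": [["default:spire-agent"]]}}}}}}]}""")

# Constructed sample in the shape of the working config posted in the thread.
WORKING = json.loads("""{"plugins": {
  "NodeAttestor": [{"k8s_psat": {"plugin_data": {"clusters": {"example-cluster":
    {"service_account_allow_list": ["default:spire-agent"]}}}}}]}}""")


def _allow_list_findings(node, path):
    """Walk any JSON value; flag allow lists that are not flat string lists."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}"
            if key != "service_account_allow_list":
                findings.extend(_allow_list_findings(value, here))
            elif not (isinstance(value, list)
                      and all(isinstance(v, str) for v in value)):
                findings.append(f"{here}: expected a flat list of strings")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings.extend(_allow_list_findings(item, f"{path}[{i}]"))
    return findings


def lint_spire_config(cfg):
    """Return shape problems found in a rendered SPIRE JSON config (a dict)."""
    findings = []
    plugins = cfg.get("plugins")
    if not isinstance(plugins, dict):
        findings.append("plugins: expected a map of plugin type to list")
        plugins = {}
    for ptype, entries in plugins.items():
        if not isinstance(entries, list):
            findings.append(f"plugins.{ptype}: expected a list of plugin entries")
        elif any(not (isinstance(e, dict) and len(e) == 1) for e in entries):
            findings.append(f"plugins.{ptype}: each item must name one plugin")
    return findings + _allow_list_findings(cfg, "$")
```

Run in CI against the output of the rendered ConfigMap, a non-empty result means the template produced a shape that differs from the working config before the server ever tries to load it.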

@marcofranssen marcofranssen force-pushed the spire-config-as-yaml-converted-json branch 3 times, most recently from eb82932 to ba16b49 Compare March 13, 2023 08:59
@marcofranssen marcofranssen changed the title Change spire-server configmap to yaml, rendered as json Change spire configmaps to yaml, rendered as json Mar 13, 2023
@marcofranssen marcofranssen force-pushed the spire-config-as-yaml-converted-json branch from ba16b49 to 031cec6 Compare March 13, 2023 09:29
Contributor

@kfox1111 kfox1111 left a comment


Just the one little change that I can see. The rest looks good.

@marcofranssen marcofranssen force-pushed the spire-config-as-yaml-converted-json branch 6 times, most recently from c2be1c4 to 7822595 Compare March 15, 2023 09:33
@marcofranssen marcofranssen force-pushed the spire-config-as-yaml-converted-json branch 2 times, most recently from bd3ad10 to 3647eda Compare March 17, 2023 20:57
@marcofranssen
Contributor Author

Rebased to have the federation option also included.

@marcofranssen marcofranssen force-pushed the spire-config-as-yaml-converted-json branch 3 times, most recently from 2e7cee1 to a9e2ffe Compare March 27, 2023 10:38
@marcofranssen marcofranssen force-pushed the spire-config-as-yaml-converted-json branch from a9e2ffe to 4777402 Compare March 31, 2023 09:03
@kfox1111
Contributor

This kind of looks like the production-example test is not actually failing like it should?

@kfox1111
Contributor

Yeah. There is an issue with the prod test. Fix is here: #183

@faisal-memon faisal-memon added this to the 0.7.0 milestone Apr 4, 2023
@marcofranssen marcofranssen force-pushed the spire-config-as-yaml-converted-json branch from 4777402 to 987108e Compare April 4, 2023 08:24
Contributor

@kfox1111 kfox1111 left a comment


Also, due to merge ordering, we lost the nightly appVersion in the charts which is why all the tests are failing.

charts/spire/charts/spire-server/templates/configmap.yaml (outdated, resolved)
@marcofranssen marcofranssen force-pushed the spire-config-as-yaml-converted-json branch 3 times, most recently from ec7bc94 to 80466fe Compare April 6, 2023 07:05
@marcofranssen marcofranssen force-pushed the spire-config-as-yaml-converted-json branch from 728e2f8 to 6fc5363 Compare April 13, 2023 19:31
@kfox1111
Contributor

Maybe I should have mentioned. All the suggestions would have to go in all at once to work, as it's one patch.

@marcofranssen marcofranssen force-pushed the spire-config-as-yaml-converted-json branch 3 times, most recently from 42c2fbb to e846291 Compare April 14, 2023 07:54
@kfox1111
Contributor

I'm not sure how, but the pr seems to have lost its '-'s for each plugin.

@kfox1111
Contributor

Besides the issue in the suggestion, I think there is one more issue and this can merge.

charts/spire/README.md.gotmpl:| SPIRE | 1.5.3+, 1.6.x |
should be adjusted to 1.6.3+

same with README.md

Signed-off-by: Marco Franssen <marco.franssen@gmail.com>
Signed-off-by: Marco Franssen <marco.franssen@gmail.com>
@marcofranssen marcofranssen force-pushed the spire-config-as-yaml-converted-json branch from 474b5ac to eaca827 Compare April 17, 2023 09:53
Signed-off-by: Marco Franssen <marco.franssen@gmail.com>
Signed-off-by: Marco Franssen <marco.franssen@gmail.com>
@marcofranssen marcofranssen force-pushed the spire-config-as-yaml-converted-json branch from eaca827 to e3b0d00 Compare April 17, 2023 10:02
@marcofranssen marcofranssen marked this pull request as ready for review April 17, 2023 10:04
Contributor

@kfox1111 kfox1111 left a comment


LGTM

@marcofranssen marcofranssen merged commit 6b61744 into main Apr 17, 2023
@marcofranssen marcofranssen deleted the spire-config-as-yaml-converted-json branch April 17, 2023 15:50
marcofranssen added a commit that referenced this pull request Apr 26, 2023
* 46f10e1 Merge pull request #237 from spiffe/fix-check-versions
* 3889d22 Fix quotation bug in update-version.sh
* 6a894e8 Move update-versions.sh script
* 91083a6 Add post-install scripts to all tests to capture failure details in GitHub workflow summary (#88)
* 9afb6f8 Merge pull request #242 from spiffe/shellcheck
* 99af475 Resolve shellcheck issues
* d0a1e12 Add workflow with shellcheck
* 8abd75e Merge pull request #241 from spiffe/dependabot/github_actions/sigstore/cosign-installer-3.0.3
* 252f1f5 Bump cosign to v2.0.2
* 247e3e5 Bump sigstore/cosign-installer from 3.0.2 to 3.0.3
* 17d62f1 Add an action to find new versions of helm charts (#184)
* 2c360a5 Add global for image registry (#201)
* 3cc8955 Move reusable macros to root chart (#218)
* 3fc8178 Add k8s 1.27 to CI + bump other versions to latest patches (#219)
* 6b61744 Merge pull request #113 from spiffe/spire-config-as-yaml-converted-json
* 9e03f29 Merge branch 'main' into spire-config-as-yaml-converted-json
* 210ed02 Remove dead code (#217)
* e3b0d00 Bump min required spire 1.6.x version for this chart
* d7dcfeb Change spiffe-oidc-provider-config configmap to yaml format
* 861108c Change spire-agent configmap to yaml format
* 1d72b57 Change spire-server configmap to yaml format

Signed-off-by: Marco Franssen <marco.franssen@gmail.com>
marcofranssen added a commit that referenced this pull request May 12, 2023
* 65312f8 Include dependency values in documentation (#275)
* 5489212 Remove persistence.enabled flag (#274)
* b315324 Allow for ConfigMaps to be annotated (#272)
* 013eb61 Fix spacing for spire server service annotation (#273)
* 73435be Add project glossary. (#262)
* c4656a7 Replicas > 1 is not allowed with sqlite driver (#269)
* d3da3ee External database configuration (#225)
* ce78bea Add Edwin Buck as a maintainer. (#267)
* 1f09d7b Bump test chart dependencies (#264)
* aa6b40c Add project overview. (#258)
* 8e7e6eb Allow trust bundle url to be set along with format (#256)
* 1e09ea5 Bump peter-evans/create-pull-request from 5.0.0 to 5.0.1 (#253)
* 6760cd2 Bump test chart dependencies (#252)
* 61e338d Fix example production typos (#244)
* 3d81928 Add skipKubeletVerification configurable (#243)
* 46f10e1 Merge pull request #237 from spiffe/fix-check-versions
* 3889d22 Fix quotation bug in update-version.sh
* 6a894e8 Move update-versions.sh script
* 91083a6 Add post-install scripts to all tests to capture failure details in GitHub workflow summary (#88)
* 9afb6f8 Merge pull request #242 from spiffe/shellcheck
* 99af475 Resolve shellcheck issues
* d0a1e12 Add workflow with shellcheck
* 8abd75e Merge pull request #241 from spiffe/dependabot/github_actions/sigstore/cosign-installer-3.0.3
* 252f1f5 Bump cosign to v2.0.2
* 247e3e5 Bump sigstore/cosign-installer from 3.0.2 to 3.0.3
* 17d62f1 Add an action to find new versions of helm charts (#184)
* 2c360a5 Add global for image registry (#201)
* 3cc8955 Move reusable macros to root chart (#218)
* 3fc8178 Add k8s 1.27 to CI + bump other versions to latest patches (#219)
* 6b61744 Merge pull request #113 from spiffe/spire-config-as-yaml-converted-json
* 9e03f29 Merge branch 'main' into spire-config-as-yaml-converted-json
* 210ed02 Remove dead code (#217)
* e3b0d00 Bump min required spire 1.6.x version for this chart
* d7dcfeb Change spiffe-oidc-provider-config configmap to yaml format
* 861108c Change spire-agent configmap to yaml format
* 1d72b57 Change spire-server configmap to yaml format

Signed-off-by: Marco Franssen <marco.franssen@gmail.com>
faisal-memon pushed a commit that referenced this pull request May 12, 2023
Please review the below changelog to ensure this matches up with the
semantic version being applied.

> **Note**: **Maintainers** ensure to run following after merging this
PR to trigger the release workflow:
>
> ```shell
> git checkout main
> git pull
> git checkout release
> git pull
> git merge main
> git push
> ```

**Changes in this release**

* 65312f8 Include dependency values in documentation (#275)
* 5489212 Remove persistence.enabled flag (#274)
* b315324 Allow for ConfigMaps to be annotated (#272)
* 013eb61 Fix spacing for spire server service annotation (#273)
* 73435be Add project glossary. (#262)
* c4656a7 Replicas > 1 is not allowed with sqlite driver (#269)
* d3da3ee External database configuration (#225)
* ce78bea Add Edwin Buck as a maintainer. (#267)
* 1f09d7b Bump test chart dependencies (#264)
* aa6b40c Add project overview. (#258)
* 8e7e6eb Allow trust bundle url to be set along with format (#256)
* 1e09ea5 Bump peter-evans/create-pull-request from 5.0.0 to 5.0.1
(#253)
* 6760cd2 Bump test chart dependencies (#252)
* 61e338d Fix example production typos (#244)
* 3d81928 Add skipKubeletVerification configurable (#243)
* 46f10e1 Merge pull request #237 from spiffe/fix-check-versions
* 3889d22 Fix quotation bug in update-version.sh
* 6a894e8 Move update-versions.sh script
* 91083a6 Add post-install scripts to all tests to capture failure
details in GitHub workflow summary (#88)
* 9afb6f8 Merge pull request #242 from spiffe/shellcheck
* 99af475 Resolve shellcheck issues
* d0a1e12 Add workflow with shellcheck
* 8abd75e Merge pull request #241 from
spiffe/dependabot/github_actions/sigstore/cosign-installer-3.0.3
* 252f1f5 Bump cosign to v2.0.2
* 247e3e5 Bump sigstore/cosign-installer from 3.0.2 to 3.0.3
* 17d62f1 Add an action to find new versions of helm charts (#184)
* 2c360a5 Add global for image registry (#201)
* 3cc8955 Move reusable macros to root chart (#218)
* 3fc8178 Add k8s 1.27 to CI + bump other versions to latest patches
(#219)
* 6b61744 Merge pull request #113 from
spiffe/spire-config-as-yaml-converted-json
* 9e03f29 Merge branch 'main' into spire-config-as-yaml-converted-json
* 210ed02 Remove dead code (#217)
* e3b0d00 Bump min required spire 1.6.x version for this chart
* d7dcfeb Change spiffe-oidc-provider-config configmap to yaml format
* 861108c Change spire-agent configmap to yaml format
* 1d72b57 Change spire-server configmap to yaml format

Signed-off-by: Marco Franssen <marco.franssen@gmail.com>
Development

Successfully merging this pull request may close these issues.

yaml based config
3 participants