issuer naming should respect issuer_name override #378

drewwells · 2023-07-05T21:40:42Z

align the spire-server configmap and issuer CR naming

charts/spire/charts/spire-server/templates/issuer.yaml

drewwells · 2023-07-05T22:14:01Z

Added a suffix to the CA issuer object name, so we don't accidentally conflict like I just did on the object names

charts/spire/charts/spire-server/templates/issuer.yaml

edwbuck

Don't build the compound names in the templates, define new variables in _helper.tpl or _spire_lib.tpl to capture the addition of the suffix to a new variable name, and then use that single definition as the name in the template files that produce YAML.

charts/spire/charts/spire-server/templates/issuer.yaml

align the spire-server configmap and issuer CR naming Signed-off-by: Drew Wells <dwells@infoblox.com>

edwbuck

Thanks for the changes to use issuerName instead of {{spire-server.fullname}}-selfsigned

Can you also do the same for the {{spire-server fullname}}-ca?

charts/spire/charts/spire-server/templates/issuer.yaml

Signed-off-by: Faisal Memon <fymemon@yahoo.com>

align the spire-server configmap and issuer CR naming --------- Signed-off-by: Drew Wells <dwells@infoblox.com> Signed-off-by: Faisal Memon <fymemon@yahoo.com> Co-authored-by: Faisal Memon <fymemon@yahoo.com>

* d2e1606 issuer naming should respect issuer_name override (#378) * a2e5c36 Bump test chart dependencies (#416) * a09e054 support annotations so oidc can be annotated (#391) * 7d94b10 Update spire to 1.7.1 (#412) * 9f4d4ac Add aws_pca to the spire-server (#404) * af13f1f Bump test chart dependencies (#401) * 9a6768b Add support for disabling container selectors (#399) * 4687e20 Merge pull request #315 from spiffe/persistence-type * e16210c Merge branch 'main' into persistence-type * 624ca9c Remove misadded lockfile (#400) * 7ce67c6 Bump actions/checkout from 3.5.2 to 3.5.3 (#395) * b85ba64 Bump helm/kind-action from 1.7.0 to 1.8.0 (#396) * a6bdb4d Add persistence type flag Signed-off-by: Faisal Memon <fymemon@yahoo.com>

* d2e1606 issuer naming should respect issuer_name override (#378) * a09e054 support annotations so oidc can be annotated (#391) * 7d94b10 Update spire to 1.7.1 (#412) * 9a6768b Add support for disabling container selectors (#399) * 624ca9c Remove misadded lockfile (#400) Signed-off-by: Faisal Memon <fymemon@yahoo.com>

Please review the below changelog to ensure this matches up with the semantic version being applied. **Note**: As this is a patch release we will make a cherry-picked release using a followup PR targetering the release branch. Will cherrypick the following commits into this patch release + the commit bumping this version number. **Changes in this release** * d2e1606 issuer naming should respect issuer_name override (#378) * a09e054 support annotations so oidc can be annotated (#391) * 7d94b10 Update spire to 1.7.1 (#412) * 9a6768b Add support for disabling container selectors (#399) * 624ca9c Remove misadded lockfile (#400) Signed-off-by: Faisal Memon <fymemon@yahoo.com>

* 5e2e8a9 Adds AWS KMS KeyManager support (#435) * 77fe43f Cron job to check for and update images (#249) * b7e1525 Allow job hooks to be disabled (#434) * 5e4cf6f Clarify project issues identified with nesting document (#450) * 7289351 Update spire bits to 1.7.2 (#452) * dc8a454 Array spacing in values is incorrect in a file. (#451) * 94326d9 Fixup Helm docs * ae8941c Support Nested Spire with External Agent (#117) * f40743d Improve Tornjak documentation (#439) * 0124f63 Bypass example-test for docs only changes (#449) * 48a2898 Fix chainguard image references as per issue 442 (#443) * bd393e9 Bump test chart dependencies (#445) * a52818a Add a FAQ and switch rare issue from README to it (#437) * e60f528 option to set KeyManager memory in spire server (#444) * a167ce6 Bump actions/setup-go from 4.0.1 to 4.1.0 * e774584 Bump test chart dependencies (#426) * bfec27e Fix jwtIssuer to allow for Uris including scheme (#425) * 7a6e4f8 Change Tornjak backend default port (#436) * 1e3039c Bump spire Helm Chart version from 0.11.0 to 0.11.1 (#419) * d2e1606 issuer naming should respect issuer_name override (#378) * a2e5c36 Bump test chart dependencies (#416) * a09e054 support annotations so oidc can be annotated (#391) * 7d94b10 Update spire to 1.7.1 (#412) * 9f4d4ac Add aws_pca to the spire-server (#404) * af13f1f Bump test chart dependencies (#401) * 9a6768b Add support for disabling container selectors (#399) * 4687e20 Merge pull request #315 from spiffe/persistence-type * e16210c Merge branch 'main' into persistence-type * 624ca9c Remove misadded lockfile (#400) * 7ce67c6 Bump actions/checkout from 3.5.2 to 3.5.3 (#395) * b85ba64 Bump helm/kind-action from 1.7.0 to 1.8.0 (#396) * a6bdb4d Add persistence type flag Signed-off-by: Marco Franssen <marco.franssen@gmail.com>

Please review the below changelog to ensure this matches up with the semantic version being applied. > **Note**: **Maintainers** ensure to run following after merging this PR to trigger the release workflow: > > ```shell > git checkout main > git pull > git checkout release > git pull > git merge main > git push > ``` **Changes in this release** * 5e2e8a9 Adds AWS KMS KeyManager support (#435) * 77fe43f Cron job to check for and update images (#249) * b7e1525 Allow job hooks to be disabled (#434) * 5e4cf6f Clarify project issues identified with nesting document (#450) * 7289351 Update spire bits to 1.7.2 (#452) * dc8a454 Array spacing in values is incorrect in a file. (#451) * 94326d9 Fixup Helm docs * ae8941c Support Nested Spire with External Agent (#117) * f40743d Improve Tornjak documentation (#439) * 0124f63 Bypass example-test for docs only changes (#449) * 48a2898 Fix chainguard image references as per issue 442 (#443) * bd393e9 Bump test chart dependencies (#445) * a52818a Add a FAQ and switch rare issue from README to it (#437) * e60f528 option to set KeyManager memory in spire server (#444) * a167ce6 Bump actions/setup-go from 4.0.1 to 4.1.0 * e774584 Bump test chart dependencies (#426) * bfec27e Fix jwtIssuer to allow for Uris including scheme (#425) * 7a6e4f8 Change Tornjak backend default port (#436) * 1e3039c Bump spire Helm Chart version from 0.11.0 to 0.11.1 (#419) * d2e1606 issuer naming should respect issuer_name override (#378) * a2e5c36 Bump test chart dependencies (#416) * a09e054 support annotations so oidc can be annotated (#391) * 7d94b10 Update spire to 1.7.1 (#412) * 9f4d4ac Add aws_pca to the spire-server (#404) * af13f1f Bump test chart dependencies (#401) * 9a6768b Add support for disabling container selectors (#399) * 4687e20 Merge pull request #315 from spiffe/persistence-type * e16210c Merge branch 'main' into persistence-type * 624ca9c Remove misadded lockfile (#400) * 7ce67c6 Bump actions/checkout from 3.5.2 to 3.5.3 (#395) * b85ba64 Bump helm/kind-action from 1.7.0 to 1.8.0 (#396) * a6bdb4d Add persistence type flag Signed-off-by: Marco Franssen <marco.franssen@gmail.com>

drewwells requested review from marcofranssen, kfox1111, developer-guy, dfeldman, faisal-memon, mrsabath and edwbuck as code owners July 5, 2023 21:40

kfox1111 reviewed Jul 5, 2023

View reviewed changes

charts/spire/charts/spire-server/templates/issuer.yaml Outdated Show resolved Hide resolved

drewwells force-pushed the issuerName branch 3 times, most recently from c6cfe3e to c132550 Compare July 5, 2023 22:13

kfox1111 reviewed Jul 6, 2023

View reviewed changes

charts/spire/charts/spire-server/templates/issuer.yaml Show resolved Hide resolved

edwbuck suggested changes Jul 6, 2023

View reviewed changes

charts/spire/charts/spire-server/templates/issuer.yaml Show resolved Hide resolved

issuer naming should respect issuer_name override

a1ec698

align the spire-server configmap and issuer CR naming Signed-off-by: Drew Wells <dwells@infoblox.com>

marcofranssen force-pushed the issuerName branch from c132550 to a1ec698 Compare July 7, 2023 11:54

edwbuck suggested changes Jul 7, 2023

View reviewed changes

charts/spire/charts/spire-server/templates/issuer.yaml Show resolved Hide resolved

edwbuck approved these changes Jul 9, 2023

View reviewed changes

faisal-memon modified the milestones: 0.12.0, 0.11.1 Jul 19, 2023

faisal-memon added 2 commits August 2, 2023 12:17

Update configmap

c06057a

Signed-off-by: Faisal Memon <fymemon@yahoo.com>

Merge branch 'main' into issuerName

f19893d

faisal-memon approved these changes Aug 2, 2023

View reviewed changes

faisal-memon enabled auto-merge (squash) August 2, 2023 19:41

Fix wait container

ccc76e4

Signed-off-by: Faisal Memon <fymemon@yahoo.com>

faisal-memon merged commit d2e1606 into spiffe:main Aug 2, 2023
19 checks passed

faisal-memon mentioned this pull request Aug 2, 2023

Bump spire Helm Chart version from 0.11.0 to 0.11.1 #419

Merged

faisal-memon mentioned this pull request Aug 3, 2023

Cut patch release 0.11.1 #420

Merged

marcofranssen mentioned this pull request Aug 18, 2023

Bump spire Helm Chart version from 0.11.1 to 0.12.0 #455

Merged

kfox1111 mentioned this pull request May 20, 2024

upstream cert-manager doesn't have rbac permissions for clusterissuers spiffe/helm-charts-hardened#358

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

issuer naming should respect issuer_name override #378

issuer naming should respect issuer_name override #378

drewwells commented Jul 5, 2023

drewwells commented Jul 5, 2023

edwbuck left a comment

edwbuck left a comment

issuer naming should respect issuer_name override #378

issuer naming should respect issuer_name override #378

Conversation

drewwells commented Jul 5, 2023

drewwells commented Jul 5, 2023

edwbuck left a comment

Choose a reason for hiding this comment

edwbuck left a comment

Choose a reason for hiding this comment