Update to newer Spire version

Nordix · Apr 18, 2024 · 00c2928 · 00c2928
1 parent 0d7c4e5
commit 00c2928
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 3 deletions.
diff --git a/docs/demo/deployments/spire/values.yaml b/docs/demo/deployments/spire/values.yaml
@@ -0,0 +1,26 @@
+spiffe-csi-driver:
+  enabled: false
+spiffe-oidc-discovery-provider:
+  enabled: false
+spire-agent:
+  socketPath: /run/spire/sockets/agent.sock
+spire-server:
+  # nodeAttestor:
+  #   k8sPsat:
+  #     audience: []
+  #   externalK8sPsat:
+  #     defaults:
+  #       audience: []
+  controllerManager: 
+    identities:
+      clusterSPIFFEIDs:
+        default:
+          autoPopulateDNSNames: true
+          dnsNameTemplates: 
+          - "{{ .PodMeta.Name }}"
+global:
+  spire:
+    caSubject:
+      country: US
+      organization: SPIFFE
+      commonName: ""
diff --git a/docs/demo/scripts/kind/Makefile b/docs/demo/scripts/kind/Makefile
@@ -148,12 +148,14 @@ clean: kind-delete-cluster kind-delete-gateways ## Delete the Kind cluster and t
 
 .PHONY: install-spire
 install-spire: ## Install spire
-	kubectl apply -k ../../deployments/spire
+	helm repo add spiffe https://spiffe.github.io/helm-charts-hardened/ ; \
+	helm repo update ; \
+	helm install -n spire --create-namespace my-spire-crds spiffe/spire-crds --version 0.4.0 ; \
+	helm install -n spire --create-namespace my-spire spiffe/spire --version 0.20.0 -f ../../deployments/spire/values.yaml
 
 .PHONY: wait-spire
 wait-spire: ## Wait for spire to be ready
-	kubectl wait -n spire --timeout=$(WAIT_TIMEOUT) --for=condition=ready pod -l app=spire-agent ; \
-	kubectl wait -n spire --timeout=$(WAIT_TIMEOUT) --for=condition=ready pod -l app=spire-server
+	kubectl wait -n spire --timeout=$(WAIT_TIMEOUT) --for=condition=ready pod -l app.kubernetes.io/instance=my-spire
 
 #############################################################################
 ##@ NSM