Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make local spire more configurable #1274

Merged
merged 2 commits into from
May 6, 2022

Conversation

glazychev-art
Copy link
Contributor

Signed-off-by: Artem Glazychev artem.glazychev@xored.com

Description

With this PR we can customize the spire configuration.

Main things that have been added:

  • Federation field
  • Agent configuration option
  • Server configuration option
  • Slightly simplified the default configuration - spire has default values ​​in the latest version

Issue link

networkservicemesh/cmd-nse-simple-vl3-docker#1

How Has This Been Tested?

  • Added unit testing to cover
  • Tested manually
  • Tested by docker tests
  • Have not tested

Types of changes

  • Bug fix
  • New functionallity
  • Documentation
  • Refactoring
  • CI

Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
@glazychev-art glazychev-art marked this pull request as ready for review May 4, 2022 12:50
Copy link
Member

@denis-tingaikin denis-tingaikin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Others things are good. Please focus on non breaking changes

@@ -49,11 +53,33 @@ func WithAgentID(agentID string) Option {
}

// WithEntry - Option to add Entry to spire-server. May be used multiple times.
func WithEntry(spiffeID, selector string) Option {
func WithEntry(spiffeID, selector, federatesWith string) Option {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This could break all cmd apps. Please consider about adding a new option WitthFederatesEntry or something like that

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

func AddEntry(ctx context.Context, parentID, spiffeID, selector string) error {
cmdStr := "spire-server entry create -parentID %s -spiffeID %s -selector %s -socketPath %s/api.sock"
cmdStr = fmt.Sprintf(cmdStr, parentID, spiffeID, selector, spireRoot)
func AddEntry(ctx context.Context, parentID, spiffeID, selector, federatesWith string) error {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it using by docker tests in current apps?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes it is used

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we save backward compativlity?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I misunderstood you. AddEntry - is not used directly in apps. Currently, we only use WithEntry option for this purpose.

Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
@denis-tingaikin denis-tingaikin merged commit 3a426c3 into networkservicemesh:main May 6, 2022
nsmbot pushed a commit to networkservicemesh/cmd-ipam-vl3 that referenced this pull request May 6, 2022
…k@main

PR link: networkservicemesh/sdk#1274

Commit: 3a426c3
Author: Artem Glazychev
Date: 2022-05-06 21:16:07 +0700
Message:
  - Make local spire more configurable (#1274)
* Make local spire more configurable

Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>

* Add federated entry separately

Signed-off-by: NSMBot <nsmbot@networkservicmesh.io>
nsmbot pushed a commit to networkservicemesh/cmd-nse-vfio that referenced this pull request May 6, 2022
…k@main

PR link: networkservicemesh/sdk#1274

Commit: 3a426c3
Author: Artem Glazychev
Date: 2022-05-06 21:16:07 +0700
Message:
  - Make local spire more configurable (#1274)
* Make local spire more configurable

Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>

* Add federated entry separately

Signed-off-by: NSMBot <nsmbot@networkservicmesh.io>
nsmbot pushed a commit to networkservicemesh/cmd-nsmgr-proxy that referenced this pull request May 6, 2022
…k@main

PR link: networkservicemesh/sdk#1274

Commit: 3a426c3
Author: Artem Glazychev
Date: 2022-05-06 21:16:07 +0700
Message:
  - Make local spire more configurable (#1274)
* Make local spire more configurable

Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>

* Add federated entry separately

Signed-off-by: NSMBot <nsmbot@networkservicmesh.io>
nsmbot pushed a commit to networkservicemesh/cmd-map-ip-k8s that referenced this pull request May 6, 2022
…k@main

PR link: networkservicemesh/sdk#1274

Commit: 3a426c3
Author: Artem Glazychev
Date: 2022-05-06 21:16:07 +0700
Message:
  - Make local spire more configurable (#1274)
* Make local spire more configurable

Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>

* Add federated entry separately

Signed-off-by: NSMBot <nsmbot@networkservicmesh.io>
nsmbot pushed a commit to networkservicemesh/cmd-admission-webhook-k8s that referenced this pull request May 6, 2022
…k@main

PR link: networkservicemesh/sdk#1274

Commit: 3a426c3
Author: Artem Glazychev
Date: 2022-05-06 21:16:07 +0700
Message:
  - Make local spire more configurable (#1274)
* Make local spire more configurable

Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>

* Add federated entry separately

Signed-off-by: NSMBot <nsmbot@networkservicmesh.io>
nsmbot pushed a commit to networkservicemesh/sdk-kernel that referenced this pull request May 6, 2022
…k@main

PR link: networkservicemesh/sdk#1274

Commit: 3a426c3
Author: Artem Glazychev
Date: 2022-05-06 21:16:07 +0700
Message:
  - Make local spire more configurable (#1274)
* Make local spire more configurable

Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>

* Add federated entry separately

Signed-off-by: NSMBot <nsmbot@networkservicmesh.io>
nsmbot pushed a commit to networkservicemesh/cmd-nsmgr that referenced this pull request May 6, 2022
…k@main

PR link: networkservicemesh/sdk#1274

Commit: 3a426c3
Author: Artem Glazychev
Date: 2022-05-06 21:16:07 +0700
Message:
  - Make local spire more configurable (#1274)
* Make local spire more configurable

Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>

* Add federated entry separately

Signed-off-by: NSMBot <nsmbot@networkservicmesh.io>
nsmbot pushed a commit to networkservicemesh/cmd-nse-remote-vlan that referenced this pull request May 6, 2022
…k@main

PR link: networkservicemesh/sdk#1274

Commit: 3a426c3
Author: Artem Glazychev
Date: 2022-05-06 21:16:07 +0700
Message:
  - Make local spire more configurable (#1274)
* Make local spire more configurable

Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>

* Add federated entry separately

Signed-off-by: NSMBot <nsmbot@networkservicmesh.io>
nsmbot pushed a commit to networkservicemesh/cmd-nsc-init that referenced this pull request May 6, 2022
…k@main

PR link: networkservicemesh/sdk#1274

Commit: 3a426c3
Author: Artem Glazychev
Date: 2022-05-06 21:16:07 +0700
Message:
  - Make local spire more configurable (#1274)
* Make local spire more configurable

Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>

* Add federated entry separately

Signed-off-by: NSMBot <nsmbot@networkservicmesh.io>
nsmbot pushed a commit to networkservicemesh/cmd-registry-memory that referenced this pull request May 6, 2022
…k@main

PR link: networkservicemesh/sdk#1274

Commit: 3a426c3
Author: Artem Glazychev
Date: 2022-05-06 21:16:07 +0700
Message:
  - Make local spire more configurable (#1274)
* Make local spire more configurable

Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>

* Add federated entry separately

Signed-off-by: NSMBot <nsmbot@networkservicmesh.io>
nsmbot pushed a commit to networkservicemesh/cmd-registry-proxy-dns that referenced this pull request May 6, 2022
…k@main

PR link: networkservicemesh/sdk#1274

Commit: 3a426c3
Author: Artem Glazychev
Date: 2022-05-06 21:16:07 +0700
Message:
  - Make local spire more configurable (#1274)
* Make local spire more configurable

Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>

* Add federated entry separately

Signed-off-by: NSMBot <nsmbot@networkservicmesh.io>
nsmbot pushed a commit to networkservicemesh/sdk-k8s that referenced this pull request May 6, 2022
…k@main

PR link: networkservicemesh/sdk#1274

Commit: 3a426c3
Author: Artem Glazychev
Date: 2022-05-06 21:16:07 +0700
Message:
  - Make local spire more configurable (#1274)
* Make local spire more configurable

Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>

* Add federated entry separately

Signed-off-by: NSMBot <nsmbot@networkservicmesh.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants