[security] Move SPIRE Server Into its Own Namespace #992

Merged
merged 9 commits into from
Jun 9, 2024

@v0lkan v0lkan commented Jun 9, 2024

Move SPIRE Server to Its Own Namespace

Description

This PR moves SPIRE server into its own namespace for better isolation and security.

There are additional changes too that I’ll annotate in the code review comments.

Changes

  • Moved SPIRE Server to spire-server namespace (from spire-system; configurable).
  • Configuration changes that allow this.
  • Added OpenShift-related values to ignoreNamespaces.
  • Other minor changes.

Test Policy Compliance

  • I have added or updated unit tests for my changes.
  • I have included integration tests where applicable.
  • All new and existing tests pass successfully.

Code Quality

  • I have followed the coding standards for this project.
  • I have performed a self-review of my code.
  • My code is well-commented, particularly in areas that may be difficult
    to understand.

Documentation

  • I have made corresponding changes to the documentation (if applicable).
  • I have updated any relevant READMEs or wiki pages.

Signed-off-by: Volkan Ozcelik <me@volkan.io>
@v0lkan v0lkan self-assigned this Jun 9, 2024
@v0lkan v0lkan requested a review from BulldromeQ as a code owner June 9, 2024 08:55

v0lkan commented Jun 9, 2024

@BulldromeQ » This aligns better with RIC OpenShift deployment, where SPIRE Server is in its own namespace.

And it is better security regardless.

@v0lkan v0lkan merged commit bcfc8c7 into main Jun 9, 2024
@v0lkan v0lkan deleted the ovolkan/new-ns branch June 9, 2024 08:57