nsm-spire image #773
Comments
|
Currently, we do not plan to add automatization for spire registration. I feel this may be scheduled in the future. @edwarnicke , @fkautz Could you share thoughts about this? |
|
@rpiceage Could you provide more specific detail around your needs in this regard. It may make more sense for us to contribute upstream to spire. |
|
@edwarnicke The aim is to be able to ship the config together with the other stuff, so we want to avoid additional config steps through the spire server CLI after deployment. The nsm-spire sidecar is exactly doing this together with the config file called registration.json which contains the necessary entries for spire. |
|
@rpiceage Got it. So it sounds like something that would let you ship a CRD for config (ie, just another part of the yaml) would meet your needs. Its more a declarative vs imperative thing than anything. I've kicked off a conversation on the spire slack here. Would be good to get more voices there :) |
|
@rpiceage Question: if the existing spire-server containers could have identities updated via ConfigMaps updating config files for that container... would it get you where you need to go? |
|
@edwarnicke As I understand, the config file for the spire server could not contain the entries needed to be injected as our configuration. |
|
@edwarnicke It seems that the k8s-workload-registrar image provided by Spire works for us, so there is no need for the former nsm-spire functionality at the moment. |
|
@rpiceage Excellent news! |
|
it sounds like we can simplify a bit our examples if we'll use |
|
@denis-tingaikin Lets look into it :) |
…d-nsc-init@main PR link: networkservicemesh/cmd-nsc-init#773 Commit: 9ab1937 Author: Network Service Mesh Bot Date: 2024-08-15 15:58:12 -0500 Message: - Update go.mod and go.sum to latest version from networkservicemesh/sdk-sriov@main (#773) PR link: networkservicemesh/sdk-sriov#606 Commit: 119f4be Author: Network Service Mesh Bot Date: 2024-08-15 15:55:02 -0500 Message: - Update go.mod and go.sum to latest version from networkservicemesh/sdk-kernel@main (#606) PR link: networkservicemesh/sdk-kernel#675 Commit: 8fc8a72 Author: Network Service Mesh Bot Date: 2024-08-15 15:51:37 -0500 Message: - Update go.mod and go.sum to latest version from networkservicemesh/sdk@main (#675) PR link: networkservicemesh/sdk#1658 Commit: eeb0114 Author: Network Service Mesh Bot Date: 2024-08-15 15:49:07 -0500 Message: - Update go.mod and go.sum to latest version from networkservicemesh/api@main (#1658) PR link: networkservicemesh/api#174 Commit: fdbfcd8 Author: Nikita Skrynnik Date: 2024-08-15 21:15:54 +1100 Message: - Revert changes in strToIPNet func (#174) Signed-off-by: NSMBot <nsmbot@networkservicmesh.io>
…d-forwarder-sriov@main PR link: networkservicemesh/cmd-forwarder-sriov#773 Commit: 0c2ec1c Author: Network Service Mesh Bot Date: 2024-09-30 20:52:12 -0500 Message: - Update go.mod and go.sum to latest version from networkservicemesh/sdk-k8s@main (#773) PR link: networkservicemesh/sdk-k8s#527 Commit: cac9089 Author: Ed Warnicke Date: 2024-09-30 20:48:37 -0500 Message: - Merge pull request #527 from networkservicemesh/fix-etcd-ifcase-update Signed-off-by: NSMBot <nsmbot@networkservicmesh.io>
…d-forwarder-sriov@main (#12332) PR link: networkservicemesh/cmd-forwarder-sriov#773 Commit: 0c2ec1c Author: Network Service Mesh Bot Date: 2024-09-30 20:52:12 -0500 Message: - Update go.mod and go.sum to latest version from networkservicemesh/sdk-k8s@main (#773) PR link: networkservicemesh/sdk-k8s#527 Commit: cac9089 Author: Ed Warnicke Date: 2024-09-30 20:48:37 -0500 Message: - Merge pull request #527 from networkservicemesh/fix-etcd-ifcase-update Signed-off-by: NSMBot <nsmbot@networkservicmesh.io> Co-authored-by: NSMBot <nsmbot@networkservicmesh.io>
In NSM old gen there was an nsm-spire sidecar image for handling spire configuration. Is there any plan to create it for the next gen also? Or is there some recommended way how to handle spire workload registration based on config files, without entry create commands?
The text was updated successfully, but these errors were encountered: