Skip to content
This repository has been archived by the owner on Oct 29, 2021. It is now read-only.

Spire k8s-workload-registrar #2006

Open
lobkovilya opened this issue Dec 17, 2019 · 1 comment
Open

Spire k8s-workload-registrar #2006

lobkovilya opened this issue Dec 17, 2019 · 1 comment
Labels
pinned Pin for stale-pod

Comments

@lobkovilya
Copy link
Collaborator

lobkovilya commented Dec 17, 2019
edited

Overview

Now we have registration.json file with spiffe entries that should be registered. Essentially this is simple mapping of ServiceAccount to SpiffeID. That's not really convenient way to manage spiffe entries.

Spire provides k8s-workload-registrar that register itself like admission-webhook and automatically register entries based on service accounts, labels or annotations.

Blocked by BoundServiceAccountTokenVolume feature of Kubernetes, which is still in alpha:
https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/
@stale
Copy link

stale bot commented Jan 16, 2020

This issue has been automatically marked as stale because it has not had activity in 30 days. It will be closed in 7 days if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix This will not be worked on label Jan 16, 2020
@nickolaev nickolaev added pinned Pin for stale-pod and removed wontfix This will not be worked on labels Jan 21, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
pinned Pin for stale-pod
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nickolaev @lobkovilya