Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add volumeClaimTemplates to the spire-server statefulset #10287

Merged
merged 1 commit into from
Dec 18, 2023
Merged

Add volumeClaimTemplates to the spire-server statefulset #10287

merged 1 commit into from
Dec 18, 2023

Conversation

glazychev-art
Copy link
Contributor

Description

Spire-server requires PersistentVolume for /run/spire/data.
Apparently, if the server is restarted, this data is used to issue the correct certificates.
If we don't use the PersistentVolume, then new and old certificates are not compatible with each other.

See manuals:

If you are using Kubeadm to run this tutorial, a default storage class and an associated provisioner must be manually created, otherwise the spire-server pod will stay in Pending status, showing the 1 pod has unbound immediate PersistentVolumeClaims error.
https://spiffe.io/docs/latest/try/getting-started-k8s/#overview

Example:
https://github.com/spiffe/spire-tutorials/blob/main/k8s/quickstart/server-statefulset.yaml#L54-L63

Issue link

#10286

How Has This Been Tested?

  • Added unit testing to cover
  • Tested manually
  • Tested by integration testing
  • Have not tested

Types of changes

  • Bug fix
  • New functionality
  • Documentation
  • Refactoring
  • CI

@glazychev-art
Copy link
Contributor Author

@szvincze
Please take a look if you have a chance

szvincze
szvincze approved these changes Nov 9, 2023
View reviewed changes
Copy link
Contributor

@szvincze szvincze left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me.

With this change we don't need to restart spire-agents at the end of this test anymore:
https://github.com/networkservicemesh/deployments-k8s/blob/main/examples/heal/spire-server-restart/README.md

@glazychev-art
Add volumeClaimTemplates to the spire-server statefulset
b83ee8d 
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
@glazychev-art
Copy link
Contributor Author

With this change we don't need to restart spire-agents at the end of this test anymore:
https://github.com/networkservicemesh/deployments-k8s/blob/main/examples/heal/spire-server-restart/README.md

Thanks! Fixed

denis-tingaikin
denis-tingaikin approved these changes Nov 28, 2023
View reviewed changes
Copy link
Member

@denis-tingaikin denis-tingaikin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We internally and quickly discussed this with Ed, and it's looking good.

It is planned to merge when we stabilise the main examples on kind clusters.

@denis-tingaikin denis-tingaikin merged commit e541301 into networkservicemesh:main Dec 18, 2023
6 checks passed
nsmbot pushed a commit to networkservicemesh/integration-tests that referenced this pull request Dec 18, 2023
Update go.mod and go.sum to latest version from networkservicemesh/de…
c5c3551 
…ployments-k8s@main

PR link: networkservicemesh/deployments-k8s#10287

Commit: ddcfbad
Author: Network Service Mesh Bot
Date: 2023-12-18 02:49:16 -0600
Message:
  - Update go.mod and go.sum to latest version from networkservicemesh/de…
Signed-off-by: NSMBot <nsmbot@networkservicmesh.io>
@nsmbot nsmbot mentioned this pull request Dec 18, 2023
Merged
@denis-tingaikin denis-tingaikin mentioned this pull request Dec 18, 2023
Open
@denis-tingaikin denis-tingaikin mentioned this pull request Jun 4, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@szvincze szvincze szvincze approved these changes

@denis-tingaikin denis-tingaikin denis-tingaikin approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@glazychev-art @denis-tingaikin @szvincze