Fix usage of Docker Compose (#139)

* Fix GitHub PR workflow

- Use "docker compose" rather than "docker-compose" command to be
  compatible with latest Docker versions
- Bump actions versions to latest

Signed-off-by: Ryan Turner <ryan.turner253@icloud.com>
Signed-off-by: Sorin Dumitru <sorin@returnze.ro>
Co-authored-by: Sorin Dumitru <sorin@returnze.ro>

.github/workflows/pr_build.yml

@@ -15,9 +15,9 @@ jobs:
     timeout-minutes: 30
     steps: 
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Setup go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ env.GO_VERSION }}
       - name: install minikube

docker-compose/federation/1-start-spire-agents.sh

@@ -7,21 +7,21 @@ nn=$(tput sgr0)
 
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
-docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-broker bin/spire-server bundle show 
+docker compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-broker bin/spire-server bundle show 
 
 # Bootstrap trust to the SPIRE server for each agent by copying over the
 # trust bundle into each agent container.
 echo "${bb}Bootstrapping trust between SPIRE agents and SPIRE servers...${nn}"
-docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-broker bin/spire-server bundle show |
+docker compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-broker bin/spire-server bundle show |
-	docker-compose -f "${DIR}"/docker-compose.yaml exec -T broker-webapp tee conf/agent/bootstrap.crt
+	docker compose -f "${DIR}"/docker-compose.yaml exec -T broker-webapp tee conf/agent/bootstrap.crt
 
-docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-stock bin/spire-server bundle show |
+docker compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-stock bin/spire-server bundle show |
-	docker-compose -f "${DIR}"/docker-compose.yaml exec -T stock-quotes-service tee conf/agent/bootstrap.crt
+	docker compose -f "${DIR}"/docker-compose.yaml exec -T stock-quotes-service tee conf/agent/bootstrap.crt
 
 # Start up the broker-webapp SPIRE agent.
 echo "${bb}Starting broker-webapp SPIRE agent...${nn}"
-docker-compose -f "${DIR}"/docker-compose.yaml exec -d broker-webapp bin/spire-agent run
+docker compose -f "${DIR}"/docker-compose.yaml exec -d broker-webapp bin/spire-agent run
 
 # Start up the stock-quotes-service SPIRE agent.
 echo "${bb}Starting stock-quotes-service SPIRE agent...${nn}"
-docker-compose -f "${DIR}"/docker-compose.yaml exec -d stock-quotes-service bin/spire-agent run
+docker compose -f "${DIR}"/docker-compose.yaml exec -d stock-quotes-service bin/spire-agent run

docker-compose/federation/2-bootstrap-federation.sh

@@ -8,13 +8,13 @@ nn=$(tput sgr0)
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
 echo "${bb}bootstrapping bundle from broker to quotes-service server...${nn}"
-docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-broker \
+docker compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-broker \
     /opt/spire/bin/spire-server bundle show -format spiffe > "${DIR}"/docker/spire-server-stockmarket.example/conf/broker.example.bundle
-docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-stock \
+docker compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-stock \
     /opt/spire/bin/spire-server bundle set -format spiffe -id spiffe://broker.example -path /opt/spire/conf/server/broker.example.bundle
 
 echo "${bb}bootstrapping bundle from quotes-service to broker server...${nn}"
-docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-stock \
+docker compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-stock \
     /opt/spire/bin/spire-server bundle show -format spiffe > "${DIR}"/docker/spire-server-broker.example/conf/stockmarket.example.bundle
-docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-broker \
+docker compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-broker \
     /opt/spire/bin/spire-server bundle set -format spiffe -id spiffe://stockmarket.example -path /opt/spire/conf/server/stockmarket.example.bundle

docker-compose/federation/3-create-registration-entries.sh

@@ -18,14 +18,14 @@ BROKER_WEBAPP_AGENT_FINGERPRINT=$(fingerprint ${DIR}/docker/broker-webapp/conf/a
 QUOTES_SERVICE_AGENT_FINGERPRINT=$(fingerprint ${DIR}/docker/stock-quotes-service/conf/agent.crt.pem)
 
 echo "${bb}Creating registration entry for the broker-webapp...${nn}"
-docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-broker bin/spire-server entry create \
+docker compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-broker bin/spire-server entry create \
 	-parentID spiffe://broker.example/spire/agent/x509pop/${BROKER_WEBAPP_AGENT_FINGERPRINT} \
 	-spiffeID spiffe://broker.example/webapp \
 	-selector unix:uid:0 \
 	-federatesWith "spiffe://stockmarket.example"
 
 echo "${bb}Creating registration entry for the stock-quotes-service...${nn}"
-docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-stock bin/spire-server entry create \
+docker compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-stock bin/spire-server entry create \
 	-parentID spiffe://stockmarket.example/spire/agent/x509pop/${QUOTES_SERVICE_AGENT_FINGERPRINT} \
 	-spiffeID spiffe://stockmarket.example/quotes-service \
 	-selector unix:uid:0 \

docker-compose/federation/README.md

@@ -289,7 +289,7 @@ $ ./build.sh
 Run the following command to start the SPIRE Servers and the applications:
 
 ```
-$ docker-compose up -d
+$ docker compose up -d
 ```
 
 ## Start SPIRE Agents 
@@ -327,7 +327,7 @@ Open up a browser to http://localhost:8080/quotes and you should see a grid of r
 To see the broker's SPIRE Server configuration you can run:
 
 ```
-$ docker-compose exec spire-server-broker cat conf/server/server.conf
+$ docker compose exec spire-server-broker cat conf/server/server.conf
 ```
 
 You should see:
@@ -385,7 +385,7 @@ plugins {
 To see the stock market's SPIRE Server configuration you can run:
 
 ```
-$ docker-compose exec spire-server-stock cat conf/server/server.conf
+$ docker compose exec spire-server-stock cat conf/server/server.conf
 ```
 
 You should see:
@@ -445,7 +445,7 @@ plugins {
 To see the broker's SPIRE Server registration entries you can run:
 
 ```
-$ docker-compose exec spire-server-broker bin/spire-server entry show
+$ docker compose exec spire-server-broker bin/spire-server entry show
 ```
 
 You should see something like this:
@@ -464,7 +464,7 @@ FederatesWith : spiffe://stockmarket.example
 To see the stock martket's SPIRE Server registration entries you can run:
 
 ```
-$ docker-compose exec spire-server-stock bin/spire-server entry show
+$ docker compose exec spire-server-stock bin/spire-server entry show
 ```
 
 You should see something like this:
@@ -483,5 +483,5 @@ FederatesWith : spiffe://broker.example
 ## Cleanup
 
 ```
-$ docker-compose down
+$ docker compose down
 ```

docker-compose/federation/build.sh

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 (cd "${DIR}"/src/broker-webapp && CGO_ENABLED=0 GOOS=linux go build -v -o "${DIR}"/docker/broker-webapp/broker-webapp)
 (cd "${DIR}"/src/stock-quotes-service && CGO_ENABLED=0 GOOS=linux go build -v -o "${DIR}"/docker/stock-quotes-service/stock-quotes-service)
 
-docker-compose -f "${DIR}"/docker-compose.yaml build
+docker compose -f "${DIR}"/docker-compose.yaml build

docker-compose/federation/docker-compose.yaml

@@ -1,4 +1,3 @@
-version: '3'
 services:
 
   spire-server-stock:

docker-compose/federation/scripts/clean-env.sh

@@ -7,6 +7,6 @@ PARENT_DIR="$(dirname "$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )")"
 norm=$(tput sgr0) || true
 green=$(tput setaf 2) || true
 
-docker-compose -f "${PARENT_DIR}"/docker-compose.yaml down
+docker compose -f "${PARENT_DIR}"/docker-compose.yaml down
 
 echo "${green}Cleaning completed.${norm}"

docker-compose/federation/scripts/set-env.sh

@@ -24,7 +24,7 @@ check-entry-is-propagated() {
   # Wait one second between checks.
   log "Checking registration entry is propagated..."
   for ((i=1;i<=30;i++)); do
-      if docker-compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T $1 cat /opt/spire/agent.log 2>&1 | grep -qe "$2"; then
+      if docker compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T $1 cat /opt/spire/agent.log 2>&1 | grep -qe "$2"; then
           log "${green}Entry is propagated.${nn}"
           return 0
       fi
@@ -40,7 +40,7 @@ log "Building"
 bash "${PARENT_DIR}"/build.sh
 
 log "Starting container"
-docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d
+docker compose -f "${PARENT_DIR}"/docker-compose.yaml up -d
 
 bash "${PARENT_DIR}"/1-start-spire-agents.sh
 

docker-compose/federation/test.sh

@@ -34,7 +34,7 @@ clean-env
 bash "${DIR}"/scripts/set-env.sh
 
 for ((i=0;i<60;i++)); do
-    if docker-compose -f "${DIR}"/docker-compose.yaml exec -T broker-webapp wget localhost:8080/quotes -O - 2>&1 | grep -qe "Quotes service unavailable"; then
+    if docker compose -f "${DIR}"/docker-compose.yaml exec -T broker-webapp wget localhost:8080/quotes -O - 2>&1 | grep -qe "Quotes service unavailable"; then
 	log "Service not found, retrying..."
 	sleep 1
 	continue

docker-compose/metrics/README.md

@@ -128,7 +128,7 @@ $ bash scripts/set-env.sh
 
 Once the script is completed, in another terminal run the following command to review the logs from all the services:
 ```console
-$ docker-compose logs -f -t
+$ docker compose logs -f -t
 ```
 
 

docker-compose/metrics/docker-compose.yaml

@@ -1,4 +1,3 @@
-version: '3'
 services:
   graphite-statsd:
     image: graphiteapp/graphite-statsd:1.1.7-6

docker-compose/metrics/scripts/clean-env.sh

@@ -7,6 +7,6 @@ PARENT_DIR="$(dirname "$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )")"
 norm=$(tput sgr0) || true
 green=$(tput setaf 2) || true
 
-docker-compose -f "${PARENT_DIR}"/docker-compose.yaml down
+docker compose -f "${PARENT_DIR}"/docker-compose.yaml down
 
 echo "${green}Cleaning completed.${norm}"

docker-compose/metrics/scripts/create-workload-registration-entry.sh

@@ -29,7 +29,7 @@ check-entry-is-propagated() {
   # Wait one second between checks.
   log "Checking registration entry is propagated..."
   for ((i=1;i<=30;i++)); do
-      if docker-compose -f "${PARENT_DIR}"/docker-compose.yaml logs $1 | grep -qe "$2"; then
+      if docker compose -f "${PARENT_DIR}"/docker-compose.yaml logs $1 | grep -qe "$2"; then
           log "${green}Entry is propagated.${nn}"
           return 0
       fi
@@ -43,7 +43,7 @@ check-entry-is-propagated() {
 
 # Workload for workload-A deployment
 log "creating workload-A workload registration entries..."
-docker-compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T spire-server \
+docker compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T spire-server \
     /opt/spire/bin/spire-server entry create \
     -parentID "spiffe://example.org/spire/agent/x509pop/$(fingerprint "${PARENT_DIR}"/spire/agent/agent.crt.pem)" \
     -spiffeID "spiffe://example.org/workload-A" \

docker-compose/metrics/scripts/fetch_svid.sh

@@ -4,7 +4,7 @@ set -e
 
 echo "Will call api fetch x509 100 times in a random interval between 1 and 10 of seconds."
 for ((i=0;i<100;i++)); do
-    docker-compose exec -u 1001 -T spire-agent \
+    docker compose exec -u 1001 -T spire-agent \
         /opt/spire/bin/spire-agent api fetch x509 \
         -socketPath /opt/spire/sockets/workload_api.sock > /dev/null
     sleep $(( $RANDOM % 10 + 1 ))

docker-compose/metrics/scripts/set-env.sh

@@ -12,16 +12,16 @@ log() {
 }
 
 log "Start StatsD-Graphite server"
-docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d graphite-statsd
+docker compose -f "${PARENT_DIR}"/docker-compose.yaml up -d graphite-statsd
 
 log "Start prometheus server"
-docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d prometheus
+docker compose -f "${PARENT_DIR}"/docker-compose.yaml up -d prometheus
 
 log "Start SPIRE Server"
-docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d spire-server
+docker compose -f "${PARENT_DIR}"/docker-compose.yaml up -d spire-server
 
 log "bootstrapping SPIRE Agent..."
-docker-compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T spire-server /opt/spire/bin/spire-server bundle show > "${PARENT_DIR}"/spire/agent/bootstrap.crt
+docker compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T spire-server /opt/spire/bin/spire-server bundle show > "${PARENT_DIR}"/spire/agent/bootstrap.crt
 
 log "Start SPIRE Agent"
-docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d spire-agent
+docker compose -f "${PARENT_DIR}"/docker-compose.yaml up -d spire-agent

docker-compose/metrics/test.sh

@@ -29,7 +29,7 @@ log "Checking Statsd received metrics pushed by SPIRE..."
 
 STATSD_LOG_LINE="MetricLineReceiver connection with .* established"
 for ((i=0;i<60;i++)); do
-    if ! docker-compose -f "${DIR}"/docker-compose.yaml logs --tail=10 -t graphite-statsd | grep -qe "${STATSD_LOG_LINE}" ; then
+    if ! docker compose -f "${DIR}"/docker-compose.yaml logs --tail=10 -t graphite-statsd | grep -qe "${STATSD_LOG_LINE}" ; then
 	sleep 1
 	continue
     fi
@@ -43,7 +43,7 @@ fi
 
 log "Checking that Prometheus can reach the endpoint exposed by SPIRE..."
 for ((i=0;i<60;i++)); do
-    if ! docker-compose -f "${DIR}"/docker-compose.yaml exec -T prometheus wget -S spire-server:8088/ 2>&1 | grep -qe "200 OK" ; then
+    if ! docker compose -f "${DIR}"/docker-compose.yaml exec -T prometheus wget -S spire-server:8088/ 2>&1 | grep -qe "200 OK" ; then
 	sleep 1
 	continue
     fi

docker-compose/nested-spire/README.md

@@ -108,7 +108,7 @@ The Docker Compose definition for the `nestedA-server` service in the [docker-co
 The `nestedA-server` must be registered on the `root-server` to obtain its identity which will be used to mint SVIDs. We achieve this by creating a registration entry in the root SPIRE Server for the `nestedA-server`.
 
 ```console
-   docker-compose exec -T root-server \
+   docker compose exec -T root-server \
        /opt/spire/bin/spire-server entry create \
        -parentID "spiffe://example.org/spire/agent/x509pop/$(fingerprint root/agent/agent.crt.pem)" \
        -spiffeID "spiffe://example.org/nestedA" \
@@ -132,7 +132,7 @@ Ensure that the current working directory is `.../spire-tutorials/docker-compose
 Once the script is completed, in another terminal run the following command to review the logs from all the services:
 
 ```console
-    docker-compose logs -f -t
+    docker compose logs -f -t
 ```
 
 
@@ -146,14 +146,14 @@ To test the scenario we create two workload registration entries, one entry for
 
 ```console
    # Workload for nestedA deployment
-   docker-compose exec -T nestedA-server \
+   docker compose exec -T nestedA-server \
        /opt/spire/bin/spire-server entry create \
        -parentID "spiffe://example.org/spire/agent/x509pop/$(fingerprint nestedA/agent/agent.crt.pem)" \
        -spiffeID "spiffe://example.org/nestedA/workload" \
        -selector "unix:uid:1001" \
 
    # Workload for nestedB deployment
-   docker-compose exec -T nestedB-server \
+   docker compose exec -T nestedB-server \
        /opt/spire/bin/spire-server entry create \
        -parentID "spiffe://example.org/spire/agent/x509pop/$(fingerprint nestedB/agent/agent.crt.pem)" \
        -spiffeID "spiffe://example.org/nestedB/workload" \
@@ -177,14 +177,14 @@ The test consists of getting a JWT-SVID from the `nestedA-agent` SPIRE Agent and
 Type this command to fetch the JWT-SVID on the `nestedA` SPIRE Agent and extract the token from the JWT-SVID:
 
 ```console
-    token=$(docker-compose exec -u 1001 -T nestedA-agent \
+    token=$(docker compose exec -u 1001 -T nestedA-agent \
       /opt/spire/bin/spire-agent api fetch jwt -audience nested-test -socketPath /opt/spire/sockets/workload_api.sock | sed -n '2p')
 ```
 
 Run the following command to validate the token from `nestedA` on the `nestedB` SPIRE Agent:
 
 ```console
-    docker-compose exec -u 1001 -T nestedB-agent \
+    docker compose exec -u 1001 -T nestedB-agent \
         /opt/spire/bin/spire-agent api validate jwt -audience nested-test  -svid "${token}" \
           -socketPath /opt/spire/sockets/workload_api.sock
 ```

docker-compose/nested-spire/docker-compose.yaml

@@ -1,4 +1,3 @@
-version: '3'
 services:
   # Root
   root-server:

docker-compose/nested-spire/scripts/clean-env.sh

@@ -7,6 +7,6 @@ PARENT_DIR="$(dirname "$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )")"
 norm=$(tput sgr0) || true
 green=$(tput setaf 2) || true
 
-docker-compose -f "${PARENT_DIR}"/docker-compose.yaml down
+docker compose -f "${PARENT_DIR}"/docker-compose.yaml down
 
 echo "${green}Cleaning completed.${norm}"

docker-compose/nested-spire/scripts/create-workload-registration-entries.sh

@@ -29,7 +29,7 @@ check-entry-is-propagated() {
   # Wait one second between checks.
   log "Checking registration entry is propagated..."
   for ((i=1;i<=30;i++)); do
-      if docker-compose -f "${PARENT_DIR}"/docker-compose.yaml logs $1 | grep -qe "$2"; then
+      if docker compose -f "${PARENT_DIR}"/docker-compose.yaml logs $1 | grep -qe "$2"; then
           log "${green}Entry is propagated.${nn}"
           return 0
       fi
@@ -43,7 +43,7 @@ check-entry-is-propagated() {
 
 # Workload for nestedA deployment
 log "creating nestedA workload registration entry..."
-docker-compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T nestedA-server \
+docker compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T nestedA-server \
     /opt/spire/bin/spire-server entry create \
     -parentID "spiffe://example.org/spire/agent/x509pop/$(fingerprint "${PARENT_DIR}"/nestedA/agent/agent.crt.pem)" \
     -spiffeID "spiffe://example.org/nestedA/workload" \
@@ -54,7 +54,7 @@ check-entry-is-propagated nestedA-agent spiffe://example.org/nestedA/workload
 
 # Workload for nestedB deployment
 log "creating nestedB workload registration entry..."
-docker-compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T nestedB-server \
+docker compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T nestedB-server \
     /opt/spire/bin/spire-server entry create \
     -parentID "spiffe://example.org/spire/agent/x509pop/$(fingerprint "${PARENT_DIR}"/nestedB/agent/agent.crt.pem)" \
     -spiffeID "spiffe://example.org/nestedB/workload" \

docker-compose/nested-spire/scripts/set-env.sh

@@ -36,7 +36,7 @@ check-entry-is-propagated() {
   # Wait one second between checks.
   log "Checking registration entry is propagated..."
   for ((i=1;i<=30;i++)); do
-      if docker-compose -f "${PARENT_DIR}"/docker-compose.yaml logs $1 | grep -qe "$2"; then
+      if docker compose -f "${PARENT_DIR}"/docker-compose.yaml logs $1 | grep -qe "$2"; then
           log "${green}Entry is propagated.${nn}"
           return 0
       fi
@@ -66,17 +66,17 @@ log "Generate certificates for the root SPIRE deployment"
 setup "${PARENT_DIR}"/root/server "${PARENT_DIR}"/root/agent
 
 log "Start root server"
-docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d root-server
+docker compose -f "${PARENT_DIR}"/docker-compose.yaml up -d root-server
 
 log "bootstrapping root-agent."
-docker-compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T root-server /opt/spire/bin/spire-server bundle show > "${PARENT_DIR}"/root/agent/bootstrap.crt
+docker compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T root-server /opt/spire/bin/spire-server bundle show > "${PARENT_DIR}"/root/agent/bootstrap.crt
 
 log "Start root agent"
-docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d root-agent
+docker compose -f "${PARENT_DIR}"/docker-compose.yaml up -d root-agent
 
 # Creates registration entries for the nested servers
 log "creating nestedA downstream registration entry..."
-docker-compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T root-server \
+docker compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T root-server \
     /opt/spire/bin/spire-server entry create \
     -parentID "spiffe://example.org/spire/agent/x509pop/$(fingerprint "${PARENT_DIR}"/root/agent/agent.crt.pem)" \
     -spiffeID "spiffe://example.org/nestedA" \
@@ -86,7 +86,7 @@ docker-compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T root-server \
 check-entry-is-propagated root-agent spiffe://example.org/nestedA
 
 log "creating nestedB downstream registration entry..."
-docker-compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T root-server \
+docker compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T root-server \
     /opt/spire/bin/spire-server entry create \
     -parentID "spiffe://example.org/spire/agent/x509pop/$(fingerprint "${PARENT_DIR}"/root/agent/agent.crt.pem)" \
     -spiffeID "spiffe://example.org/nestedB" \
@@ -101,13 +101,13 @@ log "Generate certificates for the nestedA deployment"
 setup "${PARENT_DIR}"/nestedA/server "${PARENT_DIR}"/nestedA/agent
 
 log "Starting nestedA-server.."
-docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d nestedA-server
+docker compose -f "${PARENT_DIR}"/docker-compose.yaml up -d nestedA-server
 
 log "bootstrapping nestedA agent..."
-docker-compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T nestedA-server /opt/spire/bin/spire-server bundle show > "${PARENT_DIR}"/nestedA/agent/bootstrap.crt
+docker compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T nestedA-server /opt/spire/bin/spire-server bundle show > "${PARENT_DIR}"/nestedA/agent/bootstrap.crt
 
 log "Starting nestedA-agent..."
-docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d nestedA-agent
+docker compose -f "${PARENT_DIR}"/docker-compose.yaml up -d nestedA-agent
 
 
 # Starts nestedB SPIRE deployment
@@ -115,10 +115,10 @@ log "Generate certificates for the nestedB deployment"
 setup "${PARENT_DIR}"/nestedB/server "${PARENT_DIR}"/nestedB/agent
 
 log "Starting nestedB-server.."
-docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d nestedB-server
+docker compose -f "${PARENT_DIR}"/docker-compose.yaml up -d nestedB-server
 
 log "bootstrapping nestedB agent..."
-docker-compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T nestedB-server /opt/spire/bin/spire-server bundle show > "${PARENT_DIR}"/nestedB/agent/bootstrap.crt
+docker compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T nestedB-server /opt/spire/bin/spire-server bundle show > "${PARENT_DIR}"/nestedB/agent/bootstrap.crt
 
 log "Starting nestedB-agent..."
-docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d nestedB-agent
+docker compose -f "${PARENT_DIR}"/docker-compose.yaml up -d nestedB-agent

docker-compose/nested-spire/test.sh

@@ -37,11 +37,11 @@ bash "${DIR}"/scripts/create-workload-registration-entries.sh
 
 log "checking nested JWT-SVID..."
 # Fetch JWT-SVID and extract token
-token=$(docker-compose -f "${DIR}"/docker-compose.yaml exec -u 1001 -T nestedA-agent \
+token=$(docker compose -f "${DIR}"/docker-compose.yaml exec -u 1001 -T nestedA-agent \
     /opt/spire/bin/spire-agent api fetch jwt -audience testIt -socketPath /opt/spire/sockets/workload_api.sock | sed -n '2p') || fail "JWT-SVID check failed"
 
 # Validate token
-validation_result=$(docker-compose -f "${DIR}"/docker-compose.yaml exec -u 1001 -T nestedB-agent \
+validation_result=$(docker compose -f "${DIR}"/docker-compose.yaml exec -u 1001 -T nestedB-agent \
     /opt/spire/bin/spire-agent api validate jwt -audience testIt  -svid "${token}" -socketPath /opt/spire/sockets/workload_api.sock)
 
 if echo $validation_result | grep -qe "SVID is valid."; then

k8s/envoy-jwt-auth-helper/Dockerfile

@@ -1,11 +1,11 @@
-FROM golang:bookworm as build-stage
+FROM golang:bookworm AS build-stage
 
 WORKDIR /app
 COPY . .
 RUN go mod download
 RUN go build
 
-FROM debian:bookworm-slim as production-stage
+FROM debian:bookworm-slim AS production-stage
 RUN apt update && DEBIAN_FRONTEND=noninteractive apt full-upgrade -y && \
 apt install -y dumb-init iputils-ping curl procps
 

k8s/envoy-opa/scripts/set-env.sh

@@ -39,7 +39,7 @@ wait_for_envoy() {
     LOGLINE="all dependencies initialized. starting workers"
     LOGLINE2="membership update for TLS cluster backend added 1 removed 1"
     for ((i=0;i<30;i++)); do
-        if ! kubectl logs --tail=100 --selector=app=backend -c envoy | grep -qe "${LOGLINE}" ; then
+        if ! kubectl logs --tail=1000 --selector=app=backend -c envoy | grep -qe "${LOGLINE}" ; then
             sleep 5
             echo "Waiting until backend envoy instance is ready..."
             continue