spiffe
/
spire-tutorials
mirror of https://github.com/spiffe/spire-tutorials.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add readiness probe to k8s config of SPIRE server present in quickstart guide (#51) 

* add readiness probe to spire server

Signed-off-by: Luciano <lucianozablocki@gmail.com>
This commit is contained in:
lucianozablocki 2021-01-14 15:18:38 -03:00 committed by GitHub
parent 5e13abb7d7
commit d5f3a4b939
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 27 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
k8s/oidc-aws/agent-daemonset.yaml
View File

@ -28,7 +28,7 @@ spec:
args: ["-t", "30", "spire-server:8081"]
containers:
- name: spire-agent
image: gcr.io/spiffe-io/spire-agent:0.9.3
image: gcr.io/spiffe-io/spire-agent:0.12.0
args: ["-config", "/run/spire/config/agent.conf"]
volumeMounts:
- name: spire-config

3
k8s/oidc-aws/server-configmap.yaml
View File

@ -29,8 +29,7 @@ data:
# TODO: Replace MY_DISCOVERY_DOMAIN with the FQDN of the Discovery Provider that you will configure in DNS
jwt_issuer = "https://MY_DISCOVERY_DOMAIN"
upstream_bundle = true
svid_ttl = "1h"
default_svid_ttl = "1h"
ca_subject = {
country = ["US"],
organization = ["SPIFFE"],

9
k8s/oidc-aws/server-statefulset.yaml
View File

@ -21,7 +21,7 @@ spec:
shareProcessNamespace: true
containers:
- name: spire-server
image: gcr.io/spiffe-io/spire-server:0.9.3
image: gcr.io/spiffe-io/spire-server:0.12.0
args:
- -config
- /run/spire/config/server.conf
@ -44,8 +44,13 @@ spec:
initialDelaySeconds: 15
periodSeconds: 60
timeoutSeconds: 3
readinessProbe:
exec:
command: ["/opt/spire/bin/spire-server", "healthcheck", "-registrationUDSPath", "/run/spire/sockets/registration.sock", "--shallow"]
initialDelaySeconds: 5
periodSeconds: 5
- name: spire-oidc
image: gcr.io/spiffe-io/oidc-discovery-provider:0.9.3
image: gcr.io/spiffe-io/oidc-discovery-provider:0.12.0
args:
- -config
- /run/spire/oidc/config/oidc-discovery-provider.conf

9
k8s/oidc-vault/k8s/server-statefulset.yaml
View File

@ -21,7 +21,7 @@ spec:
shareProcessNamespace: true
containers:
- name: spire-server
image: gcr.io/spiffe-io/spire-server:0.10.0
image: gcr.io/spiffe-io/spire-server:0.12.0
args:
- -config
- /run/spire/config/server.conf
@ -44,8 +44,13 @@ spec:
initialDelaySeconds: 15
periodSeconds: 60
timeoutSeconds: 3
readinessProbe:
exec:
command: ["/opt/spire/bin/spire-server", "healthcheck", "-registrationUDSPath", "/run/spire/sockets/registration.sock", "--shallow"]
initialDelaySeconds: 5
periodSeconds: 5
- name: spire-oidc
image: gcr.io/spiffe-io/oidc-discovery-provider:0.10.0
image: gcr.io/spiffe-io/oidc-discovery-provider:0.12.0
args:
- -config
- /run/spire/oidc/config/oidc-discovery-provider.conf

2
k8s/quickstart/agent-daemonset.yaml
View File

@ -28,7 +28,7 @@ spec:
args: ["-t", "30", "spire-server:8081"]
containers:
- name: spire-agent
image: gcr.io/spiffe-io/spire-agent:0.11.0
image: gcr.io/spiffe-io/spire-agent:0.12.0
args: ["-config", "/run/spire/config/agent.conf"]
volumeMounts:
- name: spire-config

2
k8s/quickstart/client-deployment.yaml
View File

@ -18,7 +18,7 @@ spec:
dnsPolicy: ClusterFirstWithHostNet
containers:
- name: client
image: gcr.io/spiffe-io/spire-agent:0.10.0
image: gcr.io/spiffe-io/spire-agent:0.12.0
command: ["sleep"]
args: ["1000000000"]
volumeMounts:

10
k8s/quickstart/server-statefulset.yaml
View File

@ -20,7 +20,7 @@ spec:
serviceAccountName: spire-server
containers:
- name: spire-server
image: gcr.io/spiffe-io/spire-server:0.11.0
image: gcr.io/spiffe-io/spire-server:0.12.0
args:
- -config
- /run/spire/config/server.conf
@ -42,6 +42,14 @@ spec:
initialDelaySeconds: 15
periodSeconds: 60
timeoutSeconds: 3
readinessProbe:
exec:
command:
- /opt/spire/bin/spire-server
- healthcheck
- --shallow
initialDelaySeconds: 5
periodSeconds: 5
volumes:
- name: spire-config
configMap: