spiffe
/
spire-tutorials
mirror of https://github.com/spiffe/spire-tutorials.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add readiness probe to k8s config of SPIRE server present in quickstart guide (#51) 

* add readiness probe to spire server

Signed-off-by: Luciano <lucianozablocki@gmail.com>
This commit is contained in:
lucianozablocki 2021-01-14 15:18:38 -03:00 committed by GitHub
parent 5e13abb7d7
commit d5f3a4b939
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 27 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
k8s/oidc-aws/agent-daemonset.yaml
View File

@ -28,7 +28,7 @@ spec:
args: ["-t", "30", "spire-server:8081"] args: ["-t", "30", "spire-server:8081"]
containers: containers:
- name: spire-agent - name: spire-agent
image: gcr.io/spiffe-io/spire-agent:0.9.3 image: gcr.io/spiffe-io/spire-agent:0.12.0
args: ["-config", "/run/spire/config/agent.conf"] args: ["-config", "/run/spire/config/agent.conf"]
volumeMounts: volumeMounts:
- name: spire-config - name: spire-config

3
k8s/oidc-aws/server-configmap.yaml
View File

@ -29,8 +29,7 @@ data:
# TODO: Replace MY_DISCOVERY_DOMAIN with the FQDN of the Discovery Provider that you will configure in DNS # TODO: Replace MY_DISCOVERY_DOMAIN with the FQDN of the Discovery Provider that you will configure in DNS
jwt_issuer = "https://MY_DISCOVERY_DOMAIN" jwt_issuer = "https://MY_DISCOVERY_DOMAIN"
upstream_bundle = true default_svid_ttl = "1h"
svid_ttl = "1h"
ca_subject = { ca_subject = {
country = ["US"], country = ["US"],
organization = ["SPIFFE"], organization = ["SPIFFE"],

9
k8s/oidc-aws/server-statefulset.yaml
View File

@ -21,7 +21,7 @@ spec:
shareProcessNamespace: true shareProcessNamespace: true
containers: containers:
- name: spire-server - name: spire-server
image: gcr.io/spiffe-io/spire-server:0.9.3 image: gcr.io/spiffe-io/spire-server:0.12.0
args: args:
- -config - -config
- /run/spire/config/server.conf - /run/spire/config/server.conf
@ -44,8 +44,13 @@ spec:
initialDelaySeconds: 15 initialDelaySeconds: 15
periodSeconds: 60 periodSeconds: 60
timeoutSeconds: 3 timeoutSeconds: 3
readinessProbe:
exec:
command: ["/opt/spire/bin/spire-server", "healthcheck", "-registrationUDSPath", "/run/spire/sockets/registration.sock", "--shallow"]
initialDelaySeconds: 5
periodSeconds: 5
- name: spire-oidc - name: spire-oidc
image: gcr.io/spiffe-io/oidc-discovery-provider:0.9.3 image: gcr.io/spiffe-io/oidc-discovery-provider:0.12.0
args: args:
- -config - -config
- /run/spire/oidc/config/oidc-discovery-provider.conf - /run/spire/oidc/config/oidc-discovery-provider.conf

9
k8s/oidc-vault/k8s/server-statefulset.yaml
View File

@ -21,7 +21,7 @@ spec:
shareProcessNamespace: true shareProcessNamespace: true
containers: containers:
- name: spire-server - name: spire-server
image: gcr.io/spiffe-io/spire-server:0.10.0 image: gcr.io/spiffe-io/spire-server:0.12.0
args: args:
- -config - -config
- /run/spire/config/server.conf - /run/spire/config/server.conf
@ -44,8 +44,13 @@ spec:
initialDelaySeconds: 15 initialDelaySeconds: 15
periodSeconds: 60 periodSeconds: 60
timeoutSeconds: 3 timeoutSeconds: 3
readinessProbe:
exec:
command: ["/opt/spire/bin/spire-server", "healthcheck", "-registrationUDSPath", "/run/spire/sockets/registration.sock", "--shallow"]
initialDelaySeconds: 5
periodSeconds: 5
- name: spire-oidc - name: spire-oidc
image: gcr.io/spiffe-io/oidc-discovery-provider:0.10.0 image: gcr.io/spiffe-io/oidc-discovery-provider:0.12.0
args: args:
- -config - -config
- /run/spire/oidc/config/oidc-discovery-provider.conf - /run/spire/oidc/config/oidc-discovery-provider.conf

2
k8s/quickstart/agent-daemonset.yaml
View File

@ -28,7 +28,7 @@ spec:
args: ["-t", "30", "spire-server:8081"] args: ["-t", "30", "spire-server:8081"]
containers: containers:
- name: spire-agent - name: spire-agent
image: gcr.io/spiffe-io/spire-agent:0.11.0 image: gcr.io/spiffe-io/spire-agent:0.12.0
args: ["-config", "/run/spire/config/agent.conf"] args: ["-config", "/run/spire/config/agent.conf"]
volumeMounts: volumeMounts:
- name: spire-config - name: spire-config

2
k8s/quickstart/client-deployment.yaml
View File

@ -18,7 +18,7 @@ spec:
dnsPolicy: ClusterFirstWithHostNet dnsPolicy: ClusterFirstWithHostNet
containers: containers:
- name: client - name: client
image: gcr.io/spiffe-io/spire-agent:0.10.0 image: gcr.io/spiffe-io/spire-agent:0.12.0
command: ["sleep"] command: ["sleep"]
args: ["1000000000"] args: ["1000000000"]
volumeMounts: volumeMounts:

10
k8s/quickstart/server-statefulset.yaml
View File

@ -20,7 +20,7 @@ spec:
serviceAccountName: spire-server serviceAccountName: spire-server
containers: containers:
- name: spire-server - name: spire-server
image: gcr.io/spiffe-io/spire-server:0.11.0 image: gcr.io/spiffe-io/spire-server:0.12.0
args: args:
- -config - -config
- /run/spire/config/server.conf - /run/spire/config/server.conf
@ -42,6 +42,14 @@ spec:
initialDelaySeconds: 15 initialDelaySeconds: 15
periodSeconds: 60 periodSeconds: 60
timeoutSeconds: 3 timeoutSeconds: 3
readinessProbe:
exec:
command:
- /opt/spire/bin/spire-server
- healthcheck
- --shallow
initialDelaySeconds: 5
periodSeconds: 5
volumes: volumes:
- name: spire-config - name: spire-config
configMap: configMap: