SPIRE is moving away from the alpine Docker release images in favor of
scratch images that contain only the release binary to minimize the size
of the images and include only the software that is necessary to run in
the container.
Signed-off-by: Ryan Turner <turner@uber.com>
* Remove "ps"-based OIDC Discovery Provider readiness probes
We are migrating away from the alpine images towards the scratch images
being the default. In a scratch image, we don't have the "ps" binary.
There is a bug in the OIDC Discovery Provider that prevents the HTTP
liveness/readiness endpoint from being available outside the container
(see spiffe#spire/3629), so just remove the readiness probes for now.
Turn on the health check endpoint to the OIDC Discovery Provider so that
probes can be added later on once the issue is resolved.
Also update some old configs that are no longer correct to get the
examples to run properly.
Signed-off-by: Ryan Turner <turner@uber.com>

Update all tutorials to use SPIRE v1.5.0. Remove usage of deprecated
Server config parameter `default_svid_ttl` in favor of
`default_x509_svid_ttl` and `default_jwt_svid_ttl`.
Signed-off-by: Ryan Turner <turner@uber.com>

The noop NodeResolver has been removed in 1.0.0.
See:
- https://github.com/spiffe/spire/pull/2189
Signed-off-by: Wolodja Wentland <wolodja.wentland@control-plane.io>

The `k8s_sat` and `k8s_psat` NodeAttestor configurable
`service_account_whitelist` has been removed in the 1.1.0 release
after having been deprecated in favour of `service_account_allow_list`
in 1.0.0.
See:
- https://github.com/spiffe/spire/pull/2253
- https://github.com/spiffe/spire/pull/2543
Signed-off-by: Wolodja Wentland <wolodja.wentland@control-plane.io>

* Adds SPIRE-Vault OIDC tutorial
Signed-off-by: Maximiliano Churichi <maximiliano.churichi@hpe.com>
* Adds /keys path to OIDC ingress
Signed-off-by: Maximiliano Churichi <maximiliano.churichi@hpe.com>
* Adds JWKS method note
Signed-off-by: Maximiliano Churichi <maximiliano.churichi@hpe.com>
* Addresses comments by @sanderson042
Signed-off-by: Maximiliano Churichi <maximiliano.churichi@hpe.com>
* Address more comments by @sanderson042
Signed-off-by: Maximiliano Churichi <maximiliano.churichi@hpe.com>
* Addresses more comments by @sanderson042
Signed-off-by: Maximiliano Churichi <maximiliano.churichi@hpe.com>
* More fixes
Signed-off-by: Maximiliano Churichi <maximiliano.churichi@hpe.com>
* Fixes some typos
Signed-off-by: Maximiliano Churichi <maximiliano.churichi@hpe.com>