Disable federation by default #27

Merged
merged 1 commit into from
Nov 18, 2024

markgoddard
Contributor

Federation is now only enabled when a trust zone has a federation
relationship with another trust zone.

Fixes: #26

Contributor

@meyskens meyskens left a comment

LGTM

@markgoddard markgoddard merged commit a134521 into main Nov 18, 2024
3 checks passed
@markgoddard markgoddard deleted the issues/26 branch November 18, 2024 09:23
markgoddard added a commit that referenced this pull request Nov 18, 2024
After #27 merged we started seeing failures in the federation
integration test:

  cofidectl workload discover
  Error: failed to stream exec: Internal error occurred: unable to upgrade connection: container not found ("spire-server")
  error: Recipe `integration-test` failed on line 20 with exit code 1

In #27 the Helm configuration was changed to only enable federation in
SPIRE server when there is a federation relationship that has a bundle
endpoint available. On the initial Helm install this would not be the
case, so federation would be disabled. On the post-install configure
Helm install, we would have bundle endpoints and so federation would be
enabled and SPIRE server would be restarted. This caused any commands
running immediately after cofidectl up that rely on SPIRE server being
up (in this case `cofidectl workload discover`) to fail.

This change addresses the issue by waiting for the SPIRE server pod and
service to be ready after the post-install configuration step.

Fixes: #36
Successfully merging this pull request may close these issues.

Disable federation for a trust zone when no federations exist for it