Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

1.0 possible breakage list #76

Open
kfox1111 opened this issue Nov 3, 2023 · 11 comments
Open

1.0 possible breakage list #76

kfox1111 opened this issue Nov 3, 2023 · 11 comments

Comments

@kfox1111
Copy link
Collaborator

kfox1111 commented Nov 3, 2023

We've tried hard to ensure backwards compatibility, a bit to the detriment of usability out of the box. Before 1.0.0 we may want to have one release where we change the defaults to be easier to use. This issue will track possible things to change.

@kfox1111
Copy link
Collaborator Author

kfox1111 commented Nov 3, 2023

autoPopulateDNSNames maybe should be true rather then false.

@kfox1111
Copy link
Collaborator Author

kfox1111 commented Nov 3, 2023

spire-server.upstreamAuthority.certManager.ca.create could be set to true

@kfox1111
Copy link
Collaborator Author

kfox1111 commented Nov 8, 2023

Should jwt issuer default to include https:// ? (implemented in #120)

@kfox1111
Copy link
Collaborator Author

consider switching default identifiers to include nested names so taking non nested clusters and scale it out to multiple containers doesn't break things.

@kfox1111
Copy link
Collaborator Author

base hostpath socket name on release.namespace-release.name by default so they don't conflict.

@kfox1111
Copy link
Collaborator Author

kfox1111 commented Feb 5, 2024

In spire-agent, the value

socketAlternate:
  image:

could be collapsed into a general tools container along with the permissions fix init container.

@faisal-memon
Copy link
Collaborator

Fix up naming so there is consistency between socket and sockets for socket path configs. Only use plural if there are multiple sockets. Reference comment: #234 (comment)

@kfox1111
Copy link
Collaborator Author

kfox1111 commented Feb 29, 2024

ca_subject section here:
https://github.com/spiffe/helm-charts-hardened/blob/main/charts/spire/charts/spire-server/values.yaml#L279-L285

should be updated to follow naming convention.

moved to #454

@kfox1111
Copy link
Collaborator Author

kfox1111 commented Mar 10, 2024

We should go through all the values and ensure they follow the convention. There are a few like spire-server.k8sbundle

moved to #454

@kfox1111
Copy link
Collaborator Author

#269

@kfox1111
Copy link
Collaborator Author

kfox1111 commented Aug 19, 2024

List of vars that dont match convention:

spire-server.dataStore.plugin_data
spire-server.federation.refresh_hint
spire-server.ca_subject.common_name
spire-server.upstreamAuthority.certManager.issuer_name
spire-server.upstreamAuthority.certManager.issuer_group
spire-server.upstreamAuthority.certManager.kube_config_file
spire-server.notifier.k8sbundle
spire-server.nodeAttestor.k8sPsat

spire-agent.nodeAttestor.k8sPsat
spire-agent.sds.defaultSvidName
spire-agent.sds.disableSpiffeCertValidation

moved to #454

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants