-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for federated mode #89
Comments
Hi @edurra thanks for working on this. I'm trying to use the new flag that you have introduced, but I am not succeeding. Can you please shed some light? I have 2 spire clusters, and they are being federated. When I run
My spiffe-helper config file looks like the following:
Only 3 files are created (which is expected):
and the ca.pem file just contains the local CA bundle, but no federated bundle. I would have expected that both the local CA and the federated CA would be both put into this ca.pem file. I'm using the spiffe-helper container image from |
Hi, I see that the code was restructured some weeks ago and it might have affected this flag. I think issue comes from this function, which is not initializing I compiled SPIFFE Helper using this configuration and it worked:
I currently don't have much time to work on a new PR (hopefully the code I posted can fix that, but I am not sure if more changes would be required). Hopefully somebody can pick it up. |
Hey @edurra, thanks for looking into it! Will see what has happened after your code was merged. |
Filed a pr to fix this bug: #167 |
This is now merged into main and will be part of the next release. |
In federated mode, peer CA bundles are stored as separate files from the local CA bundle, svid key, and svid cert. Briefly looking at the code, it seems to be hard coding only those 3 files and not taking into account of any additional bundle files in federated mode. Can someone verify if this is the case?
The text was updated successfully, but these errors were encountered: