Drew Wells

In layman's, you can read this https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#method-2-separate-charts

As long as we can install it as if it were a chart with only crds in it, then that will work fine.

**CRs:** . I did not manually put bundle in, that would be very hard to automate. I see it successfully claiming to pull public keys from federated ingress. However, the...

A little more investigation, here's bundles on both clusters bundle show ``` -> % k --context box-3 exec -n spire-server -c spire-server spire-server-0 -- spire-server bundle show -----BEGIN CERTIFICATE----- MIIBbzCCARWgAwIBAgIRAMyX4Ok8oM8P/cdnVOXuciswCgYIKoZIzj0EAwIwFzEV...

Create a leader election so only one operates.

If you change replica > 1 today, spire server stops working. We need better HA support. In general, spire-server needs to move towards stateless operation without bagge of a controller...

A integration test would be a better way to prove it does work. I don't know the details, but replica>1 caused outage on our cluster.

Regardless of database, my concern is running multiple spire-controller-managers. The first comment noted that a spire-controller-manager ticket was needed here. Unless there are plans to build consensus across multiple stateful...

Only override I provided was a release_name, which is the issue. See the two `helm templates` below: Correct alignment of service and server_address ``` -> % helm template charts/spire |...

I figured that was the issue. I'm overriding the spire-agent.server.address value but I guess it might impact other sub charts too