spiffe
X.509-SVIDs Envoy Tutorial not working.
I'm trying to follow the Spire X.509-SVIDs (https://spiffe.io/docs/latest/microservices/envoy-x509/readme/) tutorial. I'm trying to run the bash scripts/pre-set-env.sh script to build the pre-reqs for the environment. However, the script never completes:
bash pre-set-env.sh
Creates all the resources needed to the SPIRE Server and SPIRE Agent to be available in the cluster.
namespace/spire created
serviceaccount/spire-agent created
serviceaccount/spire-server created
clusterrole.rbac.authorization.k8s.io/spire-agent-cluster-role created
clusterrole.rbac.authorization.k8s.io/spire-server-trust-role created
clusterrolebinding.rbac.authorization.k8s.io/spire-agent-cluster-role-binding created
clusterrolebinding.rbac.authorization.k8s.io/spire-server-trust-role-binding created
configmap/spire-agent created
configmap/spire-bundle created
configmap/spire-server created
service/spire-server created
statefulset.apps/spire-server created
daemonset.apps/spire-agent created
Waiting until SPIRE Agent is running
Waiting for 1 pods to be ready...
partitioned roll out complete: 1 new pods have been updated...
Waiting for daemon set "spire-agent" rollout to finish: 0 of 1 updated pods are available...
The issue here is that the agent rollout never finishes, therefore the script never completes.
I'm using Ubuntu 21.04 and have tried minikube version: v1.20.0 and kind v0.11.0 go1.16.4 linux/amd64
Hi Carl,
I've just tried in a brand new box with Ubuntu 21.04 and Minikube v1.20.0
ubuntu@ip-X-X-X-X:~/spire-tutorials/k8s/envoy-x509$ minikube version
minikube version: v1.20.0
commit: c61663e942ec43b20e8e70839dcca52e44cd85ae
ubuntu@ip-X-X-X-X:~/spire-tutorials/k8s/envoy-x509$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 21.04
Release: 21.04
Codename: hirsute
Complete output
ubuntu@ip-X-X-X-X:~/spire-tutorials/k8s/envoy-x509/scripts$ bash pre-set-env.sh
Creates all the resources needed to the SPIRE Server and SPIRE Agent to be available in the cluster.
namespace/spire created
serviceaccount/spire-agent created
serviceaccount/spire-server created
clusterrole.rbac.authorization.k8s.io/spire-agent-cluster-role created
clusterrole.rbac.authorization.k8s.io/spire-server-trust-role created
clusterrolebinding.rbac.authorization.k8s.io/spire-agent-cluster-role-binding created
clusterrolebinding.rbac.authorization.k8s.io/spire-server-trust-role-binding created
configmap/spire-agent created
configmap/spire-bundle created
configmap/spire-server created
service/spire-server created
statefulset.apps/spire-server created
daemonset.apps/spire-agent created
Waiting until SPIRE Agent is running
Waiting for 1 pods to be ready...
partitioned roll out complete: 1 new pods have been updated...
Waiting for daemon set "spire-agent" rollout to finish: 0 of 1 updated pods are available...
daemon set "spire-agent" successfully rolled out
time="2021-06-02T16:44:33Z" level=info msg="Agent attestation request completed" address="172.17.0.1:62939" agent_id="spiffe://example.org/spire/agent/k8s_sat/demo-cluster/a5070c19-7b86-42c4-b3c1-cc51d568017b" caller-addr="172.17.0.1:62939" method=AttestAgent node_attestor_type=k8s_sat service=agent.v1.Agent subsystem_name=api
SPIRE Agent ready.
Creates registration entries.
SPIRE resources creation completed.
Are you still having issues with this example? Is there any other details you think might be useful to take into account to test it?
Regards.
Hmm strange - I will try again first thing tomorrow. Thanks.
Out of interest, what platform are you running Ubuntu on. I'm using a Mac Pro, wondering if there's anything that could be different there.