spire

spire copied to clipboard

Failed to collect all selectors for PID" error="workload attestor \"k8s\" failed: rpc error: code = DeadlineExceeded desc = workloadattestor(k8s): no selectors found after max poll attempts"

26

* **Version**: 1.0.1 * **Platform**: k8s + istio * **Subsystem**: spire-server: ``` apiVersion: v1 kind: Namespace metadata: name: spire --- apiVersion: v1 kind: ServiceAccount metadata: name: spire-server namespace: spire ---...

tanjunchen

Feature request: Adding a helm chart

6

I wanted to check if the spire project is interested in adding a helm chart. I started putting one together from the quick start, available at and would be happy...

sudo-bmitch

Windows support: review permissions in directories created

6

SPIRE creates some directories that store sensitive data, with certain permissions to restrict access (e.g. agent and server data directories). On Windows, those directories are created with the [CreateDirectory function](https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createdirectory)...

amartinezfayo

"connection reset by peer, received prior goaway: code: NO_ERROR" sometimes occur in agents

12

* **Version**: 1.3.0 * **Platform**: Linux x86_64 * **Subsystem**: agent https://spiffe.slack.com/archives/C7XDP01HB/p1655716118861989 SPIRE Agents sometimes log `received prior goaway: code: NO_ERROR` I can only see this error log when fetching bundles...

hiyosi

#3272 deprecated the (only) node resolver plugins and interface. This issue tracks removal of the plugins and interface in SPIRE 1.5.0.

azdagron

Flaky sdsv3 test TestStreamSecrets/Default_All_bundles:_RootCA

1

``` --- FAIL: TestStreamSecrets (0.27s) --- FAIL: TestStreamSecrets/Default_All_bundles:_RootCA (0.00s) handler_test.go:632: Error Trace: /home/runner/work/spire/spire/pkg/agent/endpoints/sdsv3/assertions.go:50 /home/runner/work/spire/spire/pkg/agent/endpoints/sdsv3/handler_test.go:632 Error: Status code="Internal" msg="malformed header: missing HTTP status; malformed header: missing HTTP content-type" does not match...

rturner3

Add Sigstore on workload attestor for SPIRE

1

**Pull Request check list** - [ ] Commit conforms to CONTRIBUTING.md? - [ ] Proper tests/regressions included? - [ ] Documentation updated? **Affected functionality** **Description of change** **Which issue this...

willallves

SPIRE Server should enforce agent IDs reside in the agent namespace

9

SPIRE has assumed that node attestors would produce agent IDs that conform to the following convention: ``` spiffe:///spire/agent// ``` (e.g. `spiffe://example.org/spire/agent/join_token/21B6D625-CCF3-49E1-8E7C-812B3F55B3CB`) Although this convention is not required for agent authorization...

azdagron

spire-agent fails to fetch authorized entries for very large entry sets

3

The gRPC Entry API client used in spire-agent uses the default maximum gRPC response message size of 4 MB. When a `GetAuthorizedEntriesResponse` message exceeds 4 MB in its protobuf serialized...

rturner3

This issue tracks a discussion on how to provide improved support for workloads running in ECS or similar environments. Due to the auto-scaling nature of these types of environments, current...

azdagron