You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Oct 29, 2021. It is now read-only.
Now we have registration.json file with spiffe entries that should be registered. Essentially this is simple mapping of ServiceAccount to SpiffeID. That's not really convenient way to manage spiffe entries.
Spire provides k8s-workload-registrar that register itself like admission-webhook and automatically register entries based on service accounts, labels or annotations.
This issue has been automatically marked as stale because it has not had activity in 30 days. It will be closed in 7 days if no further activity occurs. Thank you for your contributions.
Overview
Now we have
registration.json
file with spiffe entries that should be registered. Essentially this is simple mapping of ServiceAccount to SpiffeID. That's not really convenient way to manage spiffe entries.Spire provides
k8s-workload-registrar
that register itself like admission-webhook and automatically register entries based on service accounts, labels or annotations.Blocked by
BoundServiceAccountTokenVolume
feature of Kubernetes, which is still in alpha:https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/
The text was updated successfully, but these errors were encountered: