Comments (1)
Done.
from secrets-manager.
Related Issues (20)
- VSecM shall be able to be deployed to namespaces other than vsecm-system and spire-system
- Add annotation to K8s secrets created by VsecM
- volkan: address `TODO:` comments in the source code.
- upgrade to go1.22.3 (there are certain minor vulns in go core that this upgrade fixes)
- ability to use istio-compatible SPIFFE IDs ( spiffe://vsecm.com/ns/vsecm-system/sa/vsecm-safe for safe, for example)
- ability to use VSecM without relying on ClusterSPIFFEIds (i.e. without SpireControllerManager)
- let spire-server and the rest of the spire be in two separate namespaces for security (that’s how helm-charts-hardened does it)
- ability to use custom root of trust (instead of “vsecm.com”)
- during `make deploy` define clusterspiffeids only after SPIRE has properly reconciled. — this can be done maybe adding some optional wait time after SPIRE has been deployed. — especially useful for multi-node test setups where things might take a bit extra to reconcile.
- Quickstart issues
- no need to build fips containers during integration tests.
- use helm docs
- helm charts: ability to not create initial clusterspiffeids (because some other process is creating those); also ability to not use SpireControllerManager at all (both of these will be optional)
- spire controller manager containerport and healthport should be customizable.
- make sure all env vars are documented in inline comments, helm charts, and also on the “configuration” section of the website.
- app.kubernetes.io/managed-by=<operator-name> in the secret to indicate which operator manages it.
- read and verify documentation for clarity and consistency.
- cross-check helm-charts-hardened with VSecM helm charts (generate yamls and compare both) for openshift and non-openshift
- integration tests iteration two: different namespaces, istio-like clusterspiffeids; test passes if the system can successfully set and retrieve a secret, nothing complicated
- integration tests iteration three: similar to iteration two, but disable clusterspiffeid and spire controller manager; have a script to register entries manually.