Add spire setup

Signed-off-by: Moritz Schmitz von Hülst <[email protected]>
spiffe · Feb 14, 2024 · b52c4a5 · b52c4a5
1 parent 3ff3735
commit b52c4a5
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 1 deletion.
diff --git a/.github/tests/spire-values.yaml b/.github/tests/spire-values.yaml
@@ -0,0 +1,16 @@
+spire-server:
+  controllerManager:
+    identities:
+      clusterSPIFFEIDs:
+        default:
+          enabled: false
+        java-spiffe-helper:
+          spiffeIDTemplate: spiffe://{{ .TrustDomain }}/ns/{{ .PodMeta.Namespace }}/sa/{{ .PodSpec.ServiceAccountName }}
+          namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: default
+          podSelector:
+            matchLabels:
+              app: java-spiffe-helper
+          dnsNameTemplates:
+            - java-spiffe-helper
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -23,6 +23,9 @@ jobs:
         with:
           cluster_name: kind
       - run: kind load docker-image java-spiffe-helper:test --name kind
+      - run: helm upgrade --install -n spire-server spire-crds spire-crds --repo https://spiffe.github.io/helm-charts-hardened/ --create-namespace
+      - run: helm upgrade --install -n spire-server spire spire --repo https://spiffe.github.io/helm-charts-hardened/ -f .github/tests/spire-values.yaml
       - run: kubectl apply -f .github/tests/java-spiffe-helper.yaml
       - run: kubectl wait pods --for condition=Ready --timeout=90s
-      - run: kubectl logs deployment/java-spiffe-helper
+      - if: ${{ always() }}
+        run: kubectl logs deployment/java-spiffe-helper