Better spire-server entry commands (#59)

kfox1111 · web-flow · commit 46814985596b · 2023-02-28T22:43:49.000+01:00
* Better spire-server entry commands

Currently in order to use the cli tools such as spire-server entry show
You must know the path within the container to the binary along with what
the path is to the socket. This patch makes that unnessisary. This now
works:
kubectl exec -it spire-server-0 -- spire-server entry show

Signed-off-by: Kevin Fox &lt;Kevin.Fox@pnnl.gov&gt;

* Remove setting thats set to default

Signed-off-by: Kevin Fox &lt;Kevin.Fox@pnnl.gov&gt;

---------

Signed-off-by: Kevin Fox &lt;Kevin.Fox@pnnl.gov&gt;
diff --git a/charts/spire/charts/spire-server/README.md b/charts/spire/charts/spire-server/README.md
@@ -63,7 +63,6 @@ A Helm chart to install the SPIRE server.
 | serviceAccount.annotations | object | `{}` |  |
 | serviceAccount.create | bool | `true` |  |
 | serviceAccount.name | string | `""` |  |
-| socketPath | string | `"/run/spire/server-sockets/spire-server.sock"` |  |
 | telemetry.prometheus.enabled | bool | `false` |  |
 | tolerations | list | `[]` |  |
 | topologySpreadConstraints | list | `[]` |  |
diff --git a/charts/spire/charts/spire-server/templates/NOTES.txt b/charts/spire/charts/spire-server/templates/NOTES.txt
@@ -3,4 +3,4 @@ Installed {{ .Chart.Name }}…
 1. Get the currently registered SPIFFE entries from the server:
 
   kubectl exec -n {{ .Release.Namespace }} {{ include "spire-server.fullname" . }}-0 -c spire-server -- \
-    bin/spire-server entry show -socketPath {{ .Values.socketPath }}
+    spire-server entry show
diff --git a/charts/spire/charts/spire-server/templates/configmap.yaml b/charts/spire/charts/spire-server/templates/configmap.yaml
@@ -8,7 +8,6 @@ data:
     server {
       bind_address = "0.0.0.0"
       bind_port = "8081"
-      socket_path = {{ .Values.socketPath | quote }}
       trust_domain = {{ .Values.trustDomain | quote }}
       data_dir = "/run/spire/data"
       log_level = "{{ .Values.logLevel }}"
diff --git a/charts/spire/charts/spire-server/templates/controller-manager-configmap.yaml b/charts/spire/charts/spire-server/templates/controller-manager-configmap.yaml
@@ -28,5 +28,5 @@ data:
       {{- with .Values.controllerManager.ignoreNamespaces }}
       {{- toYaml . | nindent 6 }}
       {{- end }}
-    spireServerSocketPath: {{ .Values.socketPath | quote }}
+    spireServerSocketPath: "/tmp/spire-server/private/api.sock"
 {{- end }}
diff --git a/charts/spire/charts/spire-server/templates/statefulset.yaml b/charts/spire/charts/spire-server/templates/statefulset.yaml
@@ -41,6 +41,9 @@ spec:
           args:
             - -config
             - /run/spire/config/server.conf
+          env:
+          - name: PATH
+            value: "/opt/spire/bin:/bin"
           ports:
             - name: grpc
               containerPort: 8081
@@ -69,7 +72,7 @@ spec:
             {{- toYaml .Values.resources | nindent 12 }}
           volumeMounts:
             - name: spire-server-socket
-              mountPath: /run/spire/server-sockets
+              mountPath: /tmp/spire-server/private
               readOnly: false
             - name: spire-config
               mountPath: /run/spire/config
@@ -114,7 +117,7 @@ spec:
             {{- toYaml .Values.controllerManager.resources | nindent 12 }}
           volumeMounts:
             - name: spire-server-socket
-              mountPath: /run/spire/server-sockets
+              mountPath: /tmp/spire-server/private
               readOnly: true
             - name: controller-manager-config
               mountPath: /controller-manager-config.yaml
diff --git a/charts/spire/charts/spire-server/values.yaml b/charts/spire/charts/spire-server/values.yaml
@@ -80,7 +80,6 @@ dataStorage:
   storageClass: null
 
 logLevel: info
-socketPath: /run/spire/server-sockets/spire-server.sock
 jwtIssuer: oidc-discovery.example.org
 
 clusterName: example-cluster
