From beba1910de7d35fb1591f2ab5f9772e66fd3e829 Mon Sep 17 00:00:00 2001 From: Denis Tingajkin Date: Fri, 25 Dec 2020 17:55:10 +0700 Subject: [PATCH] Add missed spire example and fix README.md doc into root Signed-off-by: Denis Tingajkin --- README.md | 36 ++++-------------------------------- examples/spire/README.md | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 32 deletions(-) create mode 100644 examples/spire/README.md diff --git a/README.md b/README.md index 33627f6f1c25..57a9c777bbb3 100644 --- a/README.md +++ b/README.md @@ -1,39 +1,11 @@ # deployment-k8s +This repository provides kubernetes yaml deployments and markdown examples for NSM. -## How to deploy spire? +## Contents -To deploy the spire run following command -``` - kubectl apply -k spire/ +- [Applications](./apps) +- [Basic examples](./examples/basic) -``` -## How to deploy nsm? - -To deploy the nsm run following command -```bash -kubectl apply -k nsm/ -``` - -## How to register nsm spire entry? - -Currently, we are working on automatization and this step will be removed soon. -For now, to register nsm into spire need to run following command: -```bash -kubectl exec -n spire spire-server-0 -- \ - /opt/spire/bin/spire-server entry create \ - -spiffeID spiffe://example.org/ns/spire/sa/spire-agent \ - -selector k8s_sat:cluster:nsm-cluster \ - -selector k8s_sat:agent_ns:spire \ - -selector k8s_sat:agent_sa:spire-agent \ - -node -kubectl exec -n spire spire-server-0 -- \ - /opt/spire/bin/spire-server entry create \ - -spiffeID spiffe://example.org/ns/nsm-system/sa/default \ - -parentID spiffe://example.org/ns/spire/sa/spire-agent \ - -selector k8s:ns:nsm-system \ - -selector k8s:sa:default -``` - diff --git a/examples/spire/README.md b/examples/spire/README.md new file mode 100644 index 000000000000..ce6e264aec8a --- /dev/null +++ b/examples/spire/README.md 
@@ -0,0 +1,36 @@ +# Spire + +## Run + +To apply spire deployments following the next command: + +```bash +kubectl apply -k . +``` + +Wait for PODs status ready: + +```bash +kubectl wait -n spire --timeout=1m --for=condition=ready pod -l app=spire-agent +``` + +```bash +kubectl wait -n spire --timeout=1m --for=condition=ready pod -l app=spire-server +``` + +Register spire agents in the spire server: +```bash +kubectl exec -n spire spire-server-0 -- \ +/opt/spire/bin/spire-server entry create \ +-spiffeID spiffe://example.org/ns/spire/sa/spire-agent \ +-selector k8s_sat:cluster:nsm-cluster \ +-selector k8s_sat:agent_ns:spire \ +-selector k8s_sat:agent_sa:spire-agent \ +-node +``` + +## Cleanup + +```bash +kubectl delete ns spire +```
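Review bot: In the README.md hunk, the removed "How to register nsm spire entry?" section held a second `spire-server entry create` call, for `spiffe://example.org/ns/nsm-system/sa/default` with `-parentID spiffe://example.org/ns/spire/sa/spire-agent` and the `k8s:ns:nsm-system` / `k8s:sa:default` selectors, and that call is not carried into examples/spire/README.md, which keeps only the `-node` entry. Unless another document already covers the workload entry, a reader following the new docs registers the agent but no identity for the nsm-system workloads, so either move that command into the example that deploys nsm or say where it now lives. The same applies to the removed `kubectl apply -k nsm/` step. The new "Contents" list also links `./apps` and `./examples/basic` but not `./examples/spire`, the file this patch creates; add an entry for it. Minor: "kubernetes yaml" should read "Kubernetes YAML".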
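Review bot: In the "Run" section of examples/spire/README.md, `kubectl apply -k .` only works when the current directory is examples/spire and a kustomization.yaml sits next to the README, but the diffstat shows this patch adding nothing to that directory except README.md, while the removed root instructions used `kubectl apply -k spire/`. Please confirm the kustomization exists at that path, and state the working directory in the text or give the path explicitly. The sentence "To apply spire deployments following the next command:" is ungrammatical; something like "To apply the spire deployments, run the following command:" reads better, and "Wait for PODs status ready:" could be "Wait for the pods to become ready:". In the registration block, the trust domain `example.org` and the cluster name `nsm-cluster` are hard-coded in the SPIFFE ID and the `k8s_sat:cluster` selector; a sentence noting that they must match the server and agent configuration would save readers a silent attestation mismatch. In "Cleanup", `kubectl delete ns spire` removes only the namespace; if the kustomization creates anything cluster-scoped, `kubectl delete -k .` would mirror the apply step more closely.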