solo-io / hoot

code from hoot episodes

Bug: Episode 25 code not reproducible on my system #60

Closed fplk closed 2 years ago

fplk commented 2 years ago

I've been trying to reproduce https://github.com/solo-io/hoot/tree/master/25-istio-spire-integration on Minikube 1.23 on macOS, but after deploying SPIRE and Istio the pods of the example application do not fully come up.

NAME                              READY   STATUS    RESTARTS   AGE
details-v1-5878f98b8f-srvpb       1/2     Running   0          135m
productpage-v1-58bb99c456-hjcrp   1/2     Running   0          135m
ratings-v1-6bcc595f97-blff8       1/2     Running   0          135m

The main clue I have found is that when describing the pod it says

Warning  Unhealthy  2m19s (x1078 over 37m)  kubelet            Readiness probe failed: Get "http://172.17.0.13:15021/healthz/ready": dial tcp 172.17.0.13:15021: connect: connection refused

Thus, my working hypothesis is that the authentication blocks the communication, e.g., since the registration entries have selectors which fail, but I have not yet figured out why that is. I suspected that the UID of 1000 might be the problem and changed it to 1337 in the YAML files, but the issue still persists.

Could you advise on how to get it to work? This example would be quite useful if it worked, since it nicely combines the Mithril and Istio docs perspective. Thank you in advance.

fplk commented 2 years ago

Solved - one needs to remove the image selectors in the create-registration-entries script (and potentially the uid selectors as well, though I am not so sure about that). Major thanks to Max Lambrecht, Dave Heller and Marcos Yacob for looking at this with me - very much appreciated.

maxlambrecht commented 2 years ago

> Solved - one needs to remove the image selectors in the create-registration-entries script (and potentially the uid selectors as well, though I am not so sure about that). Major thanks to Max Lambrecht, Dave Heller and Marcos Yacob for looking at this with me - very much appreciated.

The issue was with the Docker image SHAs in the registration entries; I submitted a PR to change them to use the Docker version instead. No need to change the UID in the registration entries.
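
The selector mismatch discussed in this thread, as an added example that is not part of the issue or of the hoot repository: SPIRE matches a registration entry to a workload only when every selector on the entry is among the selectors attested for that workload, so a single stale image digest leaves the workload with no matching entry. All selector values, SPIFFE IDs and function names below are constructed for illustration and are not taken from the episode's create-registration-entries script.

```python
"""Model of SPIRE registration-entry matching (added example, constructed data)."""


def matching_entries(entries, attested):
    """Return SPIFFE IDs of entries whose selectors are all in the attested set."""
    attested = set(attested)
    return [e["spiffe_id"] for e in entries if set(e["selectors"]) <= attested]


def explain_mismatches(entries, attested):
    """Map each non-matching SPIFFE ID to the entry selectors the workload lacks."""
    attested = set(attested)
    report = {}
    for e in entries:
        missing = sorted(set(e["selectors"]) - attested)
        if missing:
            report[e["spiffe_id"]] = missing
    return report


# Constructed digests: the one pinned in the entry vs. the one actually running.
PINNED_IMAGE = "k8s:container-image:registry.example/details@sha256:" + "a" * 64
RUNNING_IMAGE = "k8s:container-image:registry.example/details@sha256:" + "b" * 64

# Constructed entry that pins the image digest (the failing case in the thread).
PINNED = {
    "spiffe_id": "spiffe://example.org/details-pinned",
    "selectors": ["k8s:ns:default", "k8s:sa:bookinfo-details", PINNED_IMAGE],
}
# Constructed entry with the image selector removed (the reported workaround).
RELAXED = {
    "spiffe_id": "spiffe://example.org/details",
    "selectors": ["k8s:ns:default", "k8s:sa:bookinfo-details"],
}
# Constructed set of selectors the agent would attest for the running pod.
ATTESTED = [
    "k8s:ns:default",
    "k8s:sa:bookinfo-details",
    "k8s:pod-label:app:details",
    RUNNING_IMAGE,
]

if __name__ == "__main__":
    print("matches:", matching_entries([PINNED, RELAXED], ATTESTED))
    for spiffe_id, missing in explain_mismatches([PINNED, RELAXED], ATTESTED).items():
        print(spiffe_id, "is missing", missing)
```

Removing the image selector resolves the mismatch but also widens the entry: in this model any pod in that namespace running under that service account now matches it.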