spiffe / spire-controller-manager

Kubernetes controller manager that reconciles workload registration and federation relationships.
Apache License 2.0

Support running as a separate Pod #363

Open faisal-memon opened 2 months ago

faisal-memon commented 2 months ago

Would be nice to be able to run controller manager in its own Pod. This request came in as https://github.com/spiffe/helm-charts-hardened/issues/341 with the SPIRE helm charts. The linked ticket has some reasoning for the request.

azdagron commented 2 months ago

We started with UDS to punt on the authentication problem. If it is moved to a different pod, we'd need to figure out how to authenticate the controller with SPIRE and authorize it as an admin.

kfox1111 commented 2 months ago

I could see how that would be extremely difficult to solve, without some kind of hackish auth solution. :/