Sorin Dumitru
I think this is somewhat similar to https://github.com/spiffe/spire/issues/4329 (or at least the root cause of it), just that now it affects events which leads to more visible issues. I think...
I also noticed that during start up we fetch the latest event id and then list the entries/agents in two independent transactions: https://github.com/spiffe/spire/blob/0727fa64f7af0330c3b4e1404d2e240bdd44cfe5/pkg/server/endpoints/authorized_entryfetcher.go#L206 Should this happen in a single transaction...
@vassilvk would you mind testing again with the latest changes? We've replaced the use of `k8s_sat` with `k8s_psat`. If that doesn't work, could you also try specifying: ``` securityContext: fsGroup:...
I think the force rotation API by itself doesn't help, since it looks like you can only tell an existing server instance to prepare or rotate a CA. It would...
In particular you could probably achieve this by adding an `extra_extension` with [OID 1.3.6.1.5.5.7.3.3](https://oidref.com/1.3.6.1.5.5.7.3.3).
This was fixed in #6158 and #6164 so closing this
I've had a look at the two algorithms (the existing one and the new proposal) to see what we can do to make some progress on this. I think they...
We discussed this a bit yesterday during the contributor sync. To summarise what I remember: * When the sync period is small (N minutes), there's probably not much practical difference...
We discussed this during the maintainers meeting last week and during the contributors sync yesterday. One main takeaway from that is that most of the use cases here can be...
This seems to be coming from https://github.com/cert-manager/cert-manager/blob/cc4b6f3049551e7dd400016c161d66f2c61d69cb/pkg/controller/certificaterequests/acme/acme.go#L135C3-L135C201 I wonder if this isn't a too strict requirement in cert-manager, though. https://datatracker.ietf.org/doc/html/rfc8555/ says: ``` Identifiers of type "dns" MUST appear either in...