Commit 5090c6b

feat: add spiffe integration in master and worker
Signed-off-by: TessaIO <[email protected]>
1 parent eef9912 commit 5090c6b

8 files changed

+743
-19
lines changed

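--- a/cmd/nfd-master/main.go
+++ b/cmd/nfd-master/main.go
@@ -91,6 +91,8 @@ func main() {
 klog.InfoS("-port is deprecated, will be removed in a future release along with the deprecated gRPC API")
 case "verify-node-name":
 klog.InfoS("-verify-node-name is deprecated, will be removed in a future release along with the deprecated gRPC API")
+case "enable-spiffe":
+args.Overrides.EnableSpiffe = overrides.EnableSpiffe
 }
 })
 
@@ -188,6 +190,8 @@ func initFlags(flagset *flag.FlagSet) (*master.Args, *master.ConfigOverrideArgs)
 "It does not have effect when the NodeFeature API has been disabled (with -feature-gates NodeFeatureAPI=false).")
 overrides.NfdApiParallelism = flagset.Int("nfd-api-parallelism", 10, "Defines the maximum number of goroutines responsible of updating nodes. "+
 "Can be used for the throttling mechanism. It does not have effect if NodeFeatureAPI feature gate is disabled.")
+overrides.EnableSpiffe = flagset.Bool("enable-spiffe", false,
+"Enables the Spiffe signature verification of created CRDs. This is still an EXPERIMENTAL feature.")
 
 return args, overrides
 }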
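Review bot: The help string for the new `enable-spiffe` flag in `initFlags` does not say what the default of `false` means for trust or what happens to an object that fails the check. With the flag off the master presumably accepts objects with no signature verification at all, but the verification code is in files not shown here, so that needs confirming. I would state the behaviour explicitly, along the lines of `"Enables SPIFFE signature verification of NodeFeature objects; objects with a missing or invalid signature are rejected. Disabled by default, in which case objects are accepted unverified. EXPERIMENTAL."`, adjusted to what the code really does. The objects being checked are custom resources rather than CRDs, so "created CRDs" is misleading. Both `main` and `initFlags` continue outside the hunks.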

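--- a/cmd/nfd-worker/main.go
+++ b/cmd/nfd-worker/main.go
@@ -112,6 +112,8 @@ func parseArgs(flags *flag.FlagSet, osArgs ...string) *worker.Args {
 args.Overrides.FeatureSources = overrides.FeatureSources
 case "label-sources":
 args.Overrides.LabelSources = overrides.LabelSources
+case "enable-spiffe":
+args.Overrides.EnableSpiffe = overrides.EnableSpiffe
 }
 })
 
@@ -163,6 +165,8 @@ func initFlags(flagset *flag.FlagSet) (*worker.Args, *worker.ConfigOverrideArgs)
 flagset.Var(overrides.LabelSources, "label-sources",
 "Comma separated list of label sources. Special value 'all' enables all sources. "+
 "Prefix the source name with '-' to disable it.")
+overrides.EnableSpiffe = flagset.Bool("enable-spiffe", false,
+"Enables the Spiffe signature verification of created CRDs. This is still an EXPERIMENTAL feature.")
 
 return args, overrides
 }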
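Review bot: The worker's `enable-spiffe` help string in `initFlags` is a verbatim copy of the master's ("Enables the Spiffe signature verification of created CRDs"), although the worker is the side that creates the objects and so presumably signs them rather than verifying them. The signing code is not in this section, so please confirm. If that is right, the text should describe the worker's role and the dependency on the master, for example `"Enables SPIFFE signing of the objects created by the worker; nfd-master must also run with -enable-spiffe for the signature to be checked. EXPERIMENTAL."`. Without that hint an operator can enable the flag on the workers only and believe the objects are protected while nothing verifies them. `parseArgs` and `initFlags` both continue outside the hunks.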

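--- a/go.mod
+++ b/go.mod
@@ -17,12 +17,13 @@ require (
 github.com/prometheus/client_golang v1.18.0
 github.com/smartystreets/goconvey v1.8.1
 github.com/spf13/cobra v1.8.0
+github.com/spiffe/go-spiffe/v2 v2.2.0
 github.com/stretchr/testify v1.9.0
 github.com/vektra/errors v0.0.0-20140903201135-c64d83aba85a
 golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3
 golang.org/x/net v0.25.0
 golang.org/x/time v0.5.0
-google.golang.org/grpc v1.60.1
+google.golang.org/grpc v1.62.1
 google.golang.org/protobuf v1.33.0
 k8s.io/api v0.30.0
 k8s.io/apiextensions-apiserver v0.30.0
@@ -42,6 +43,22 @@ require (
 
 require (
 github.com/Microsoft/go-winio v0.6.0 // indirect
+cloud.google.com/go/compute v1.23.3 // indirect
+cloud.google.com/go/compute/metadata v0.2.3 // indirect
+github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
+github.com/Azure/go-autorest v14.2.0+incompatible // indirect
+github.com/Azure/go-autorest/autorest v0.11.29 // indirect
+github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect
+github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
+github.com/Azure/go-autorest/autorest/mocks v0.4.2 // indirect
+github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
+github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
+github.com/Azure/go-autorest/logger v0.2.1 // indirect
+github.com/Azure/go-autorest/tracing v0.6.0 // indirect
+github.com/GoogleCloudPlatform/k8s-cloud-provider v1.18.1-0.20220218231025-f11817397a1b // indirect
+github.com/JeffAshton/win_pdh v0.0.0-20161109143554-76bb4ee9f0ab // indirect
+github.com/Microsoft/go-winio v0.6.1 // indirect
+github.com/Microsoft/hcsshim v0.8.25 // indirect
 github.com/NYTimes/gziphandler v1.1.1 // indirect
 github.com/OneOfOne/xxhash v1.2.8 // indirect
 github.com/StackExchange/wmi v1.2.1 // indirect
@@ -62,6 +79,7 @@ require (
 github.com/felixge/httpsnoop v1.0.4 // indirect
 github.com/ghodss/yaml v1.0.0 // indirect
 github.com/go-logr/logr v1.4.1 // indirect
+github.com/go-jose/go-jose/v4 v4.0.1 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
 github.com/go-ole/go-ole v1.2.6 // indirect
 github.com/go-openapi/jsonpointer v0.19.6 // indirect
@@ -106,6 +124,11 @@ require (
 github.com/spf13/pflag v1.0.5 // indirect
 github.com/stoewer/go-strcase v1.2.0 // indirect
 github.com/stretchr/objx v0.5.2 // indirect
+github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
+github.com/vishvananda/netlink v1.1.0 // indirect
+github.com/vishvananda/netns v0.0.4 // indirect
+github.com/vmware/govmomi v0.30.6 // indirect
+github.com/zeebo/errs v1.3.0 // indirect
 go.etcd.io/etcd/api/v3 v3.5.10 // indirect
 go.etcd.io/etcd/client/pkg/v3 v3.5.10 // indirect
 go.etcd.io/etcd/client/v3 v3.5.10 // indirect
@@ -132,6 +155,7 @@ require (
 google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917 // indirect
 google.golang.org/genproto/googleapis/api v0.0.0-20231212172506-995d672761c0 // indirect
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240108191215-35c7eff3a6b1 // indirect
+gopkg.in/gcfg.v1 v1.2.3 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect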
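Review bot: The indirect `require` block gains a large set of modules that do not look related to `github.com/spiffe/go-spiffe/v2`: the Azure SDK and `go-autorest` family, `github.com/vmware/govmomi`, `github.com/GoogleCloudPlatform/k8s-cloud-provider`, `github.com/Microsoft/hcsshim` and `github.com/vishvananda/netlink`. The new entries also break the sorted order that `go mod tidy` writes (`cloud.google.com/...` after `github.com/Microsoft/go-winio`, `go-jose` after `go-logr/logr`), and `github.com/Microsoft/go-winio` now appears twice, at v0.6.0 and v0.6.1. That pattern suggests the file was merged or edited by hand rather than regenerated. Please run `go mod tidy`, check each remaining addition with `go mod why -m <module>`, and keep only what the SPIFFE code needs, since every extra module has to be tracked for advisories.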
