From adae08446ccafd5bbf2269dbd38b65bc1a977ca6 Mon Sep 17 00:00:00 2001 From: Bill Mahoney Date: Thu, 20 Apr 2023 13:20:26 -0700 Subject: [PATCH] build: update spire Signed-off-by: Bill Mahoney --- cmd/security-spire-agent/Dockerfile | 2 +- cmd/security-spire-config/Dockerfile | 2 +- cmd/security-spire-server/Dockerfile | 2 +- cmd/security-spire-server/server.conf | 3 ++- 4 files changed, 5 insertions(+), 4 deletions(-) diff --git a/cmd/security-spire-agent/Dockerfile b/cmd/security-spire-agent/Dockerfile index 913d82f9bb..44ad2fdef2 100644 --- a/cmd/security-spire-agent/Dockerfile +++ b/cmd/security-spire-agent/Dockerfile @@ -28,7 +28,7 @@ RUN [ ! -d "vendor" ] && go mod download all || echo "skipping..." COPY . . -ARG SPIRE_RELEASE=1.2.1 +ARG SPIRE_RELEASE=1.6.3 # build spire from the source in order to be compatible with arch arm64 as well # in CI the BUILDER_BASE will already contain a compiled spire-server/agent diff --git a/cmd/security-spire-config/Dockerfile b/cmd/security-spire-config/Dockerfile index 2b944b1348..47c128f443 100644 --- a/cmd/security-spire-config/Dockerfile +++ b/cmd/security-spire-config/Dockerfile @@ -28,7 +28,7 @@ RUN [ ! -d "vendor" ] && go mod download all || echo "skipping..." COPY . . -ARG SPIRE_RELEASE=1.2.1 +ARG SPIRE_RELEASE=1.6.3 # build spire from the source in order to be compatible with arch arm64 as well # in CI the BUILDER_BASE will already contain a compiled spire-server/agent diff --git a/cmd/security-spire-server/Dockerfile b/cmd/security-spire-server/Dockerfile index aa99be4681..aa66d2c2b6 100644 --- a/cmd/security-spire-server/Dockerfile +++ b/cmd/security-spire-server/Dockerfile @@ -28,7 +28,7 @@ RUN [ ! -d "vendor" ] && go mod download all || echo "skipping..." COPY . . -ARG SPIRE_RELEASE=1.2.1 +ARG SPIRE_RELEASE=1.6.3 # build spire from the source in order to be compatible with arch arm64 as well # in CI the BUILDER_BASE will already contain a compiled spire-server/agent diff --git a/cmd/security-spire-server/server.conf b/cmd/security-spire-server/server.conf index 2506eace76..3c9529bbc1 100644 --- a/cmd/security-spire-server/server.conf +++ b/cmd/security-spire-server/server.conf @@ -4,7 +4,8 @@ server { log_file = "/dev/stdout" log_level = "DEBUG" data_dir = "/srv/spiffe/server/data" - default_svid_ttl = "1h" + default_x509_svid_ttl = "1h" + default_jwt_svid_ttl = "5m" ca_key_type = "ec-p384" ca_subject { country = ["US"]