Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: replace trustDomainAliases with caCertificates[].trustDomains in examples for SPIRE #181

Merged
merged 2 commits into from
Mar 20, 2025
Merged

docs: replace trustDomainAliases with caCertificates[].trustDomains in examples for SPIRE #181

merged 2 commits into from
Mar 20, 2025

Conversation

jewertow
Copy link
Collaborator

@jewertow jewertow commented Mar 17, 2025
edited
Loading

Using trustDomainAliases is not the right solution when federated services from different trust domains may have overlapping service account and namespace names. Then authorization policies defined for a single trust domain are automatically generated for all trust domain aliases, and this may be not desired in multi-mesh deployments, so we should avoid using this solution.

We also use trustDomainAliases in e2e tests, but that can be fixed in a follow-up.

@openshift-ci openshift-ci bot added the size/L label Mar 17, 2025
@jewertow jewertow requested a review from bartoszmajsak March 17, 2025 16:46
bartoszmajsak
bartoszmajsak approved these changes Mar 19, 2025
View reviewed changes
Copy link
Collaborator

@bartoszmajsak bartoszmajsak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I can take a stab at the follow-up if you haven't already.

@jewertow
Copy link
Collaborator Author

I can take a stab at the follow-up if you haven't already

Go ahead :)

@jewertow
Copy link
Collaborator Author

/retest

@openshift-merge-bot openshift-merge-bot bot merged commit 255ad0c into openshift-service-mesh:master Mar 20, 2025
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bartoszmajsak bartoszmajsak bartoszmajsak approved these changes

Assignees
No one assigned
Labels
okay to merge size/L
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jewertow @bartoszmajsak