X.509-SVIDs Envoy Tutorial not working.

[3goats]

I'm trying to follow the Spire X.509-SVIDs (https://spiffe.io/docs/latest/microservices/envoy-x509/readme/) tutorial. I'm trying to run the bash scripts/pre-set-env.sh script to build the pre-reqs for the environment. However, the script never completes:

bash pre-set-env.sh

Creates all the resources needed to the SPIRE Server and SPIRE Agent to be available in the cluster.
namespace/spire created
serviceaccount/spire-agent created
serviceaccount/spire-server created
clusterrole.rbac.authorization.k8s.io/spire-agent-cluster-role created
clusterrole.rbac.authorization.k8s.io/spire-server-trust-role created
clusterrolebinding.rbac.authorization.k8s.io/spire-agent-cluster-role-binding created
clusterrolebinding.rbac.authorization.k8s.io/spire-server-trust-role-binding created
configmap/spire-agent created
configmap/spire-bundle created
configmap/spire-server created
service/spire-server created
statefulset.apps/spire-server created
daemonset.apps/spire-agent created
Waiting until SPIRE Agent is running
Waiting for 1 pods to be ready...
partitioned roll out complete: 1 new pods have been updated...
Waiting for daemon set "spire-agent" rollout to finish: 0 of 1 updated pods are available...

The issue here is that the agent rollout never finishes, therefore the script never completes.

I'm using Ubuntu 21.04 and have tried minikube version: v1.20.0 and kind v0.11.0 go1.16.4 linux/amd64

[Andres-GC]

Hi Carl,

I've just tried in a brand new box with Ubuntu 21.04 and Minikube v1.20.0

ubuntu@ip-X-X-X-X:~/spire-tutorials/k8s/envoy-x509$ minikube version
minikube version: v1.20.0
commit: c61663e942ec43b20e8e70839dcca52e44cd85ae
ubuntu@ip-X-X-X-X:~/spire-tutorials/k8s/envoy-x509$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 21.04
Release:	21.04
Codename:	hirsute

Complete output

    ubuntu@ip-X-X-X-X:~/spire-tutorials/k8s/envoy-x509/scripts$ bash pre-set-env.sh 
    Creates all the resources needed to the SPIRE Server and SPIRE Agent to be available in the cluster.
    namespace/spire created
    serviceaccount/spire-agent created
    serviceaccount/spire-server created
    clusterrole.rbac.authorization.k8s.io/spire-agent-cluster-role created
    clusterrole.rbac.authorization.k8s.io/spire-server-trust-role created
    clusterrolebinding.rbac.authorization.k8s.io/spire-agent-cluster-role-binding created
    clusterrolebinding.rbac.authorization.k8s.io/spire-server-trust-role-binding created
    configmap/spire-agent created
    configmap/spire-bundle created
    configmap/spire-server created
    service/spire-server created
    statefulset.apps/spire-server created
    daemonset.apps/spire-agent created
    Waiting until SPIRE Agent is running
    Waiting for 1 pods to be ready...
    partitioned roll out complete: 1 new pods have been updated...
    Waiting for daemon set "spire-agent" rollout to finish: 0 of 1 updated pods are available...
    daemon set "spire-agent" successfully rolled out
    time="2021-06-02T16:44:33Z" level=info msg="Agent attestation request completed" address="172.17.0.1:62939" agent_id="spiffe://example.org/spire/agent/k8s_sat/demo-cluster/a5070c19-7b86-42c4-b3c1-cc51d568017b" caller-addr="172.17.0.1:62939" method=AttestAgent node_attestor_type=k8s_sat service=agent.v1.Agent subsystem_name=api
    SPIRE Agent ready.
    Creates registration entries.
    SPIRE resources creation completed.

Are you still having issues with this example?
Is there any other details you think might be useful to take into account to test it?

Regards.

[3goats]

Hmm strange - I will try again first thing tomorrow. Thanks.

Out of interest, what platform are you running Ubuntu on. I'm using a Mac Pro, wondering if there's anything that could be different there.