mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-05 12:51:03 -05:00
73 lines
2.2 KiB
YAML
73 lines
2.2 KiB
YAML
|
{{- if and .Values.authentication.mutual.spire.enabled .Values.authentication.mutual.spire.install.enabled -}}
|
||
|
|
apiVersion: v1
|
||
|
|
kind: ConfigMap
|
||
|
|
metadata:
|
||
|
|
name: spire-server
|
||
|
|
namespace: {{ .Values.authentication.mutual.spire.install.namespace }}
|
||
|
|
{{- with .Values.authentication.mutual.spire.annotations }}
|
||
|
|
annotations:
|
||
|
|
{{- toYaml . | nindent 4 }}
|
||
|
|
{{- end }}
|
||
|
|
data:
|
||
|
|
server.conf: |
|
||
|
|
server {
|
||
|
|
bind_address = "0.0.0.0"
|
||
|
|
bind_port = "8081"
|
||
|
|
socket_path = "/tmp/spire-server/private/api.sock"
|
||
|
|
trust_domain = {{ .Values.authentication.mutual.spire.trustDomain | quote }}
|
||
|
|
data_dir = "/run/spire/data"
|
||
|
|
log_level = "INFO"
|
||
|
|
ca_key_type = {{ .Values.authentication.mutual.spire.install.server.ca.keyType | quote }}
|
||
|
|
|
||
|
|
ca_subject = {
|
||
|
|
country = [{{ .Values.authentication.mutual.spire.install.server.ca.subject.country | quote }}],
|
||
|
|
organization = [{{ .Values.authentication.mutual.spire.install.server.ca.subject.organization | quote }}],
|
||
|
|
common_name = {{ .Values.authentication.mutual.spire.install.server.ca.subject.commonName | quote }},
|
||
|
|
}
|
||
|
|
|
||
|
|
admin_ids = [
|
||
|
|
"spiffe://{{ .Values.authentication.mutual.spire.trustDomain }}/cilium-operator",
|
||
|
|
]
|
||
|
|
}
|
||
|
|
|
||
|
|
plugins {
|
||
|
|
DataStore "sql" {
|
||
|
|
plugin_data {
|
||
|
|
database_type = "sqlite3"
|
||
|
|
connection_string = "/run/spire/data/datastore.sqlite3"
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
NodeAttestor "k8s_psat" {
|
||
|
|
plugin_data {
|
||
|
|
clusters = {
|
||
|
|
{{ .Values.cluster.name | quote }} = {
|
||
|
|
use_token_review_api_validation = true
|
||
|
|
service_account_allow_list = ["{{ .Values.authentication.mutual.spire.install.namespace}}:{{ .Values.authentication.mutual.spire.install.agent.serviceAccount.name }}"]
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
KeyManager "disk" {
|
||
|
|
plugin_data {
|
||
|
|
keys_path = "/run/spire/data/keys.json"
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
Notifier "k8sbundle" {
|
||
|
|
plugin_data {
|
||
|
|
namespace = {{ .Values.authentication.mutual.spire.install.namespace | quote }}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
health_checks {
|
||
|
|
listener_enabled = true
|
||
|
|
bind_address = "0.0.0.0"
|
||
|
|
bind_port = "8080"
|
||
|
|
live_path = "/live"
|
||
|
|
ready_path = "/ready"
|
||
|
|
}
|
||
|
|
{{- end }}
|