A Helm chart to install the SPIRE server.
Key | Type | Default | Description |
---|---|---|---|
affinity | object | {} |
|
autoscaling.enabled | bool | false |
|
autoscaling.maxReplicas | int | 100 |
|
autoscaling.minReplicas | int | 1 |
|
autoscaling.targetCPUUtilizationPercentage | int | 80 |
|
bundleConfigMap | string | "spire-server" |
|
ca_subject.common_name | string | "example.org" |
|
ca_subject.country | string | "NL" |
|
ca_subject.organization | string | "Example" |
|
clusterName | string | "example-cluster" |
|
controllerManager.enabled | bool | false |
|
controllerManager.identities.dnsNameTemplates | list | [] |
|
controllerManager.identities.enabled | bool | true |
|
controllerManager.identities.namespaceSelector | object | {} |
|
controllerManager.identities.podSelector | object | {} |
|
controllerManager.identities.spiffeIDTemplate | string | "spiffe://{{ .TrustDomain }}/ns/{{ .PodMeta.Namespace }}/sa/{{ .PodSpec.ServiceAccountName }}" |
|
controllerManager.ignoreNamespaces[0] | string | "kube-system" |
|
controllerManager.ignoreNamespaces[1] | string | "kube-public" |
|
controllerManager.ignoreNamespaces[2] | string | "local-path-storage" |
|
controllerManager.image.pullPolicy | string | "IfNotPresent" |
|
controllerManager.image.registry | string | "ghcr.io" |
|
controllerManager.image.repository | string | "spiffe/spire-controller-manager" |
|
controllerManager.image.version | string | "0.2.1" |
|
controllerManager.resources | object | {} |
|
controllerManager.securityContext | object | {} |
|
controllerManager.service.annotations | object | {} |
|
controllerManager.service.port | int | 443 |
|
controllerManager.service.type | string | "ClusterIP" |
|
dataStorage.accessMode | string | "ReadWriteOnce" |
|
dataStorage.enabled | bool | true |
|
dataStorage.size | string | "1Gi" |
|
dataStorage.storageClass | string | nil |
|
fullnameOverride | string | "" |
|
image.pullPolicy | string | "IfNotPresent" |
|
image.registry | string | "ghcr.io" |
|
image.repository | string | "spiffe/spire-server" |
|
image.version | string | "" |
|
imagePullSecrets | list | [] |
|
jwtIssuer | string | "oidc-discovery.example.org" |
|
logLevel | string | "info" |
|
nameOverride | string | "" |
|
nodeSelector."kubernetes.io/arch" | string | "amd64" |
|
podAnnotations | object | {} |
|
podSecurityContext | object | {} |
|
replicaCount | int | 1 |
SPIRE server currently runs with a sqlite database. Scaling to multiple instances will not work until we use an external database. |
resources | object | {} |
|
securityContext | object | {} |
|
service.annotations | object | {} |
|
service.port | int | 8081 |
|
service.type | string | "ClusterIP" |
|
serviceAccount.annotations | object | {} |
|
serviceAccount.create | bool | true |
|
serviceAccount.name | string | "" |
|
socketPath | string | "/run/spire/server-sockets/spire-server.sock" |
|
telemetry.prometheus.enabled | bool | false |
|
tolerations | list | [] |
|
topologySpreadConstraints | list | [] |
|
trustDomain | string | "example.org" |
|
upstreamAuthority.disk.enabled | bool | false |
|
upstreamAuthority.disk.secret.create | bool | true |
If disabled requires you to create a secret with the given keys (certificate, key and optional bundle) yourself. |
upstreamAuthority.disk.secret.data | object | {"bundle":"","certificate":"","key":""} |
If secret creation is enabled, will create a secret with following certificate info |
upstreamAuthority.disk.secret.name | string | "spiffe-upstream-ca" |
If secret creation is disabled, the secret with this name will be used. |