A Helm chart to install the SPIRE server.
| Key | Type | Default | Description |
|---|---|---|---|
| affinity | object | {} |
|
| autoscaling.enabled | bool | false |
|
| autoscaling.maxReplicas | int | 100 |
|
| autoscaling.minReplicas | int | 1 |
|
| autoscaling.targetCPUUtilizationPercentage | int | 80 |
|
| bundleConfigMap | string | "spire-server" |
|
| ca_subject.common_name | string | "example.org" |
|
| ca_subject.country | string | "NL" |
|
| ca_subject.organization | string | "Example" |
|
| clusterName | string | "example-cluster" |
|
| controllerManager.enabled | bool | false |
|
| controllerManager.identities.dnsNameTemplates | list | [] |
|
| controllerManager.identities.enabled | bool | true |
|
| controllerManager.identities.namespaceSelector | object | {} |
|
| controllerManager.identities.podSelector | object | {} |
|
| controllerManager.identities.spiffeIDTemplate | string | "spiffe://{{ .TrustDomain }}/ns/{{ .PodMeta.Namespace }}/sa/{{ .PodSpec.ServiceAccountName }}" |
|
| controllerManager.ignoreNamespaces[0] | string | "kube-system" |
|
| controllerManager.ignoreNamespaces[1] | string | "kube-public" |
|
| controllerManager.ignoreNamespaces[2] | string | "local-path-storage" |
|
| controllerManager.image.pullPolicy | string | "IfNotPresent" |
|
| controllerManager.image.registry | string | "ghcr.io" |
|
| controllerManager.image.repository | string | "spiffe/spire-controller-manager" |
|
| controllerManager.image.version | string | "0.2.1" |
|
| controllerManager.resources | object | {} |
|
| controllerManager.securityContext | object | {} |
|
| controllerManager.service.annotations | object | {} |
|
| controllerManager.service.port | int | 443 |
|
| controllerManager.service.type | string | "ClusterIP" |
|
| dataStorage.accessMode | string | "ReadWriteOnce" |
|
| dataStorage.enabled | bool | true |
|
| dataStorage.size | string | "1Gi" |
|
| dataStorage.storageClass | string | nil |
|
| fullnameOverride | string | "" |
|
| image.pullPolicy | string | "IfNotPresent" |
|
| image.registry | string | "ghcr.io" |
|
| image.repository | string | "spiffe/spire-server" |
|
| image.version | string | "" |
|
| imagePullSecrets | list | [] |
|
| jwtIssuer | string | "oidc-discovery.example.org" |
|
| logLevel | string | "info" |
|
| nameOverride | string | "" |
|
| nodeSelector."kubernetes.io/arch" | string | "amd64" |
|
| podAnnotations | object | {} |
|
| podSecurityContext | object | {} |
|
| replicaCount | int | 1 |
SPIRE server currently runs with a sqlite database. Scaling to multiple instances will not work until we use an external database. |
| resources | object | {} |
|
| securityContext | object | {} |
|
| service.annotations | object | {} |
|
| service.port | int | 8081 |
|
| service.type | string | "ClusterIP" |
|
| serviceAccount.annotations | object | {} |
|
| serviceAccount.create | bool | true |
|
| serviceAccount.name | string | "" |
|
| socketPath | string | "/run/spire/server-sockets/spire-server.sock" |
|
| telemetry.prometheus.enabled | bool | false |
|
| tolerations | list | [] |
|
| topologySpreadConstraints | list | [] |
|
| trustDomain | string | "example.org" |
|
| upstreamAuthority.disk.enabled | bool | false |
|
| upstreamAuthority.disk.secret.create | bool | true |
If disabled requires you to create a secret with the given keys (certificate, key and optional bundle) yourself. |
| upstreamAuthority.disk.secret.data | object | {"bundle":"","certificate":"","key":""} |
If secret creation is enabled, will create a secret with following certificate info |
| upstreamAuthority.disk.secret.name | string | "spiffe-upstream-ca" |
If secret creation is disabled, the secret with this name will be used. |