This repository has been archived by the owner on Mar 22, 2024. It is now read-only.
configmap.yaml
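# Helm template for the ConfigMap that carries the SPIRE agent's agent.conf.
# The agent.conf body is a literal block scalar: everything indented under
# it, including the '#' comment lines, is rendered into the file verbatim.
apiVersion: v1
kind: ConfigMap
metadata:
  # Quoted so that a release or namespace name that looks like a number or
  # a boolean is still parsed as a string.
  name: {{ include "spire-agent.fullname" . | quote }}
  namespace: {{ .Release.Namespace | quote }}
data:
  agent.conf: |
    agent {
      data_dir = "/run/spire"
      log_level = {{ .Values.logLevel | quote }}
      server_address = "{{ .Release.Name }}-server"
      server_port = {{ .Values.server.port | quote }}
      socket_path = {{ include "spire.agent-socket-path" . | quote }}
      # Bundle used to authenticate the SPIRE server on first contact. It is
      # read from a path under /run/spire/bundle, so whatever populates that
      # path decides which server this agent will trust.
      trust_bundle_path = "/run/spire/bundle/bundle.crt"
      trust_domain = {{ .Values.trustDomain | quote }}
    }

    plugins {
      NodeAttestor "k8s_psat" {
        plugin_data {
          cluster = {{ .Values.clusterName | quote }}
        }
      }

      # Keys are held in memory only and are not persisted, so a restarted
      # agent has to attest to the server again.
      KeyManager "memory" {
        plugin_data {
        }
      }

      WorkloadAttestor "k8s" {
        plugin_data {
          # Uses the secure kubelet port by default.
          # Minikube does not have a cert in the cluster CA bundle that
          # can authenticate the kubelet cert, so skip validation.
          #
          # NOTE(review): this is hard-coded for every install, not only
          # Minikube. With verification skipped the agent does not
          # authenticate the kubelet whose pod data it uses to attest
          # workloads. On clusters whose kubelet serving certificate chains
          # to the cluster CA, this should be false.
          skip_kubelet_verification = true
        }
      }
      {{- if .Values.workloadAttestors.unix.enabled }}
      WorkloadAttestor "unix" {
        plugin_data {
        }
      }
      {{- end }}
    }

    health_checks {
      listener_enabled = true
      # Bound to all pod interfaces, presumably so kubelet probes can reach
      # /live and /ready; the endpoints are reachable by anything that can
      # route to the pod IP on this port.
      bind_address = "0.0.0.0"
      bind_port = {{ .Values.healthChecks.port | quote }}
      live_path = "/live"
      ready_path = "/ready"
    }
    {{- if (dig "telemetry" "prometheus" "enabled" .Values.telemetry.prometheus.enabled .Values.global) }}
    telemetry {
      Prometheus {
        # Metrics listener on all pod interfaces. Nothing in this block
        # configures authentication, so limit who can reach the port
        # (for example with a NetworkPolicy) if metrics should not be
        # readable cluster-wide.
        host = "0.0.0.0"
        # Rendered unquoted, unlike bind_port above.
        port = {{ .Values.telemetry.prometheus.port }}
      }
    }
    {{- end }}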