diff --git a/charts/spire/Chart.yaml b/charts/spire/Chart.yaml
index e6c6696ce..2e6db0437 100644
--- a/charts/spire/Chart.yaml
+++ b/charts/spire/Chart.yaml
@@ -29,3 +29,6 @@ dependencies:
 condition: spiffe-oidc-discovery-provider.enabled
 repository: file://./charts/spiffe-oidc-discovery-provider
 version: 0.1.0
+annotations:
+ artifacthub.io/category: security
+ artifacthub.io/license: Apache-2.0
diff --git a/charts/spire/charts/spire-agent/README.md b/charts/spire/charts/spire-agent/README.md
index f7ed27493..d2cb3a70c 100644
--- a/charts/spire/charts/spire-agent/README.md
+++ b/charts/spire/charts/spire-agent/README.md
@@ -38,5 +38,6 @@ A Helm chart to install the SPIRE agent.
 | waitForIt.image.repository | string | `"chainguard/wait-for-it"` | |
 | waitForIt.image.version | string | `"latest-20230113"` | |
 | waitForIt.resources | object | `{}` | |
+| workloadAttestors.unix.enabled | bool | `false` | enables the Unix workload attestor |
 ----------------------------------------------
diff --git a/charts/spire/charts/spire-agent/templates/configmap.yaml b/charts/spire/charts/spire-agent/templates/configmap.yaml
index 1be1207f5..7cd18573f 100644
--- a/charts/spire/charts/spire-agent/templates/configmap.yaml
+++ b/charts/spire/charts/spire-agent/templates/configmap.yaml
@@ -36,10 +36,12 @@ data:
 }
 }
+ {{- if .Values.workloadAttestors.unix.enabled }}
 WorkloadAttestor "unix" {
 plugin_data {
 }
 }
+ {{- end }}
 }
 health_checks {
diff --git a/charts/spire/charts/spire-agent/values.yaml b/charts/spire/charts/spire-agent/values.yaml
index 2974409e1..da6c1806a 100644
--- a/charts/spire/charts/spire-agent/values.yaml
+++ b/charts/spire/charts/spire-agent/values.yaml
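Review bot: Defaulting `workloadAttestors.unix.enabled` to `false` silently drops the `WorkloadAttestor "unix"` block that this configmap template previously rendered unconditionally, so existing registration entries keyed on unix selectors (uid/gid) stop matching after an upgrade with default values. The values.yaml hunk and the README row only say the flag enables the attestor; neither says it was always on before. Either default it to `true` to keep upgrades compatible, or state the change in the values.yaml comment, e.g. `# -- enables the Unix workload attestor (previously always configured; entries using unix selectors need this set to true)`. The enclosing plugins block of the agent config starts before this hunk, so whether another workload attestor remains configured when unix is off cannot be confirmed from here.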
@@ -77,3 +77,10 @@ telemetry:
 prometheus:
 enabled: false
 port: 9988
+
+# workloadAttestors determine a workload's properties and then generate a set of selectors associated with it.
+workloadAttestors:
+ # unix is a workload attestor which generates unix-based selectors like 'uid' and 'gid'.
+ unix:
+ # -- enables the Unix workload attestor
+ enabled: false