andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
rancher-partner-charts/charts/f5/nginx-service-mesh/configs/spire-server.conf

73 lines
2.0 KiB
Plaintext
Raw Blame History

server {
bind_address = "0.0.0.0"
bind_port = "8081"
ca_key_type = {{ quote .Values.mtls.caKeyType }}
ca_ttl = {{ quote .Values.mtls.caTTL }}
data_dir = "/run/spire/data"
log_level = "DEBUG"
socket_path = "/run/spire/sockets/spire-registration.sock"
default_x509_svid_ttl = {{ quote .Values.mtls.svidTTL }}
trust_domain = {{ quote .Values.mtls.trustDomain }}
ca_subject = {
country = ["US"],
organization = ["NGINX"],
common_name = "",
}
}
plugins {
DataStore "sql" {
plugin_data {
database_type = "sqlite3"
connection_string = "/run/spire/data/datastore.sqlite3"
}
}
NodeAttestor "k8s_psat" {
plugin_data {
clusters = {
"nginx-mesh" = {
service_account_allow_list = [{{ printf "%s:spire-agent" .Release.Namespace | quote }}]
}
}
}
}
Notifier "k8sbundle" {
plugin_data {
namespace = {{ quote .Release.Namespace }}
webhook_label = "spiffe.io/webhook"
api_service_label = "spiffe.io/apiservice"
}
}
KeyManager {{ quote .Values.mtls.spireServerKeyManager }} {
{{- if eq .Values.mtls.spireServerKeyManager "disk" }}
plugin_data {
keys_path = "/run/spire/data/keys.json"
}
{{- end }}
}
{{ if .Values.mtls.upstreamAuthority.awsPCA }}
{{ tpl (.Files.Get "configs/upstreamAuthority/aws-pca-ua.conf") . }}
{{ else if .Values.mtls.upstreamAuthority.awsSecret }}
{{ tpl (.Files.Get "configs/upstreamAuthority/aws-secret-ua.conf") . }}
{{ else if .Values.mtls.upstreamAuthority.disk }}
{{ tpl (.Files.Get "configs/upstreamAuthority/disk-ua.conf") . }}
{{ else if .Values.mtls.upstreamAuthority.vault }}
{{ tpl (.Files.Get "configs/upstreamAuthority/vault-ua.conf") . }}
{{ else if .Values.mtls.upstreamAuthority.certManager }}
{{ tpl (.Files.Get "configs/upstreamAuthority/cert-manager-ua.conf") . }}
{{ end }}
}
health_checks {
listener_enabled = true
bind_address = "0.0.0.0"
bind_port = "8082"
live_path = "/live"
ready_path = "/ready"
}
Reference in New Issue View Git Blame Copy Permalink