29 lines
1.6 KiB
Plaintext
29 lines
1.6 KiB
Plaintext
UpstreamAuthority "vault" {
|
|
plugin_data {
|
|
vault_addr = {{ quote .Values.mtls.upstreamAuthority.vault.vaultAddr }}
|
|
namespace = {{ quote .Values.mtls.upstreamAuthority.vault.namespace }}
|
|
ca_cert_path = "/run/spire/config/upstreamCA.crt"
|
|
{{- if .Values.mtls.upstreamAuthority.vault.pkiMountPoint }}
|
|
pki_mount_path = {{ quote .Values.mtls.upstreamAuthority.vault.pkiMountPoint }}{{ end }}
|
|
{{- if .Values.mtls.upstreamAuthority.vault.insecureSkipVerify }}
|
|
insecure_skip_verify = {{ .Values.mtls.upstreamAuthority.vault.insecureSkipVerify }}{{ end }}
|
|
{{- if .Values.mtls.upstreamAuthority.vault.certAuth}}
|
|
cert_auth = {
|
|
client_cert_path = "/run/spire/config/upstreamClient.crt"
|
|
client_key_path = "/run/spire/secrets/upstreamClient.key"
|
|
{{- if .Values.mtls.upstreamAuthority.vault.certAuth.certAuthRoleName }}
|
|
cert_auth_role_name = {{ quote .Values.mtls.upstreamAuthority.vault.certAuth.certAuthRoleName }}{{ end }}
|
|
{{- if .Values.mtls.upstreamAuthority.vault.certAuth.certAuthMountPoint }}
|
|
cert_auth_mount_point = {{ quote .Values.mtls.upstreamAuthority.vault.certAuth.certAuthMountPoint }}{{ end }}
|
|
}{{ end }}
|
|
{{- if .Values.mtls.upstreamAuthority.vault.tokenAuth }}
|
|
token_auth = {}{{ end }}
|
|
{{- if .Values.mtls.upstreamAuthority.vault.approleAuth }}
|
|
approle_auth = {
|
|
approle_id = {{ quote .Values.mtls.upstreamAuthority.vault.approleAuth.approleID }}
|
|
{{- if .Values.mtls.upstreamAuthority.vault.approleAuth.approleAuthMountPoint }}
|
|
approle_auth_mount_point = {{ quote .Values.mtls.upstreamAuthority.vault.approleAuth.approleAuthMountPoint }}{{ end }}
|
|
}{{ end }}
|
|
}
|
|
}
|