[go: nahoru, domu]
Skip to content

Latest commit

 

History

History

spire

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
charts
charts
 
 
templates
templates
 
 
.helmignore
.helmignore
 
 
Chart.yaml
Chart.yaml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
values.yaml
values.yaml
 
 

README.md

spire

Version: 0.12.2 Type: application AppVersion: 1.6.0

A Helm chart for deploying the full Spire stack into your k8s cluster.

Components:

  • spire-server
    • spire-controller-manager (optional)
    • spire-k8s-workload-registrar (deprecated, optional)
  • spire-agent
  • spiffe-csi-driver
  • spiffe-oidc-discovery-provider (optional)

Warning: Please note this chart requires Projected Service Account Tokens which has to be enabled on your k8s api server.

Note: Minimum Spire version is v1.5.3 (This requires a nodeSelector to limit to amd64 nodes on multi-node clusters). The recommended minimum version for multi-architecture clusters is v1.6.0 which ships with arm64 support.

To enable Projected Service Account Tokens on Docker for Mac/Windows run the following command to SSH into the Docker Desktop K8s VM.

docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh

Then add the following to /etc/kubernetes/manifests/kube-apiserver.yaml

spec:
  containers:
    - command:
        - kube-apiserver
        - --api-audiences=api,spire-server
        - --service-account-issuer=api,spire-agent
        - --service-account-key-file=/run/config/pki/sa.pub
        - --service-account-signing-key-file=/run/config/pki/sa.key

Homepage: https://github.com/philips-labs/helm-charts/tree/main/charts/spire

Maintainers

Name Email Url
marcofranssen marco.franssen@philips.com https://marcofranssen.nl

Source Code

Requirements

Kubernetes: >=1.21.0-0

Repository Name Version
file://./charts/spiffe-csi-driver spiffe-csi-driver 0.1.0
file://./charts/spiffe-oidc-discovery-provider spiffe-oidc-discovery-provider 0.1.0
file://./charts/spire-agent spire-agent 0.1.0
file://./charts/spire-server spire-server 0.1.0

Values

Key Type Default Description
fullnameOverride string ""
nameOverride string ""
spiffe-csi-driver.agentSocketPath string "/run/spire/agent-sockets/spire-agent.sock"
spiffe-oidc-discovery-provider.enabled bool false
spiffe-oidc-discovery-provider.trustDomain string "example.org"
spire-agent.bundleConfigMap string "spire-bundle"
spire-agent.clusterName string "example-cluster"
spire-agent.nameOverride string "agent"
spire-agent.socketPath string "/run/spire/agent-sockets/spire-agent.sock"
spire-agent.trustDomain string "example.org"
spire-server.bundleConfigMap string "spire-bundle"
spire-server.clusterName string "example-cluster"
spire-server.nameOverride string "server"
spire-server.trustDomain string "example.org"