Merge branch 'main' into bundle-endpoint-cert
kfox1111 authored Oct 3, 2024
2 parents 4c2c391 + c461794 commit 5e70a77
Showing 20 changed files with 166 additions and 131 deletions.
10 changes: 5 additions & 5 deletions charts/spire-nested/README.md
Expand Up @@ -303,7 +303,7 @@ Now you can interact with the Spire agent socket from your own application. The
| `root-spire-server.controllerManager.identities.clusterSPIFFEIDs.oidc-discovery-provider.enabled` | Enable the test-keys identity | `false` |
| `root-spire-server.controllerManager.identities.clusterSPIFFEIDs.test-keys.enabled` | Enable the test-keys identity | `false` |
| `root-spire-server.externalControllerManagers.enabled` | Flag to enable external controller managers | `true` |
| `root-spire-server.nodeAttestor.k8sPsat.serviceAccountAllowList` | Allowed service accounts for Psat nodeattestor | `[]` |
| `root-spire-server.nodeAttestor.k8sPSAT.serviceAccountAllowList` | Allowed service accounts for PSAT nodeattestor | `[]` |
| `root-spire-server.bundleConfigMap` | The name of the configmap to store the upstream bundle | `spire-bundle-upstream` |
| `external-root-spire-server-full.externalServer` | Set to true to setup the bundle configmap, rbac rules, and identity documents but doesn't deploy the server locally. Useful for external servers. | `true` |
| `external-root-spire-server-full.nameOverride` | Name override | `root-server` |
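Review bot: The rename of `root-spire-server.nodeAttestor.k8sPsat.serviceAccountAllowList` to `...k8sPSAT.serviceAccountAllowList` is a breaking change for anyone who overrides the allow list, and nothing in this README hunk says so. Helm does not reject unknown value keys unless the chart's schema forbids them, so an existing override under `k8sPsat` would be ignored on upgrade and the chart default would apply instead. Since this list decides which service accounts may attest as agents to the root server, please add an upgrade note naming the old and new key next to this table or in the release notes.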
Expand All @@ -315,15 +315,15 @@ Now you can interact with the Spire agent socket from your own application. The
| `external-root-spire-server-full.controllerManager.identities.clusterSPIFFEIDs.default.enabled` | Enable the default cluster spiffe id | `false` |
| `external-root-spire-server-full.controllerManager.identities.clusterSPIFFEIDs.oidc-discovery-provider.enabled` | Enable the test-keys identity | `false` |
| `external-root-spire-server-full.controllerManager.identities.clusterSPIFFEIDs.test-keys.enabled` | Enable the test-keys identity | `false` |
| `external-root-spire-server-full.nodeAttestor.k8sPsat.serviceAccountAllowList` | Allowed service accounts for Psat nodeattestor | `[]` |
| `external-root-spire-server-full.nodeAttestor.k8sPSAT.serviceAccountAllowList` | Allowed service accounts for PSAT nodeattestor | `[]` |
| `external-root-spire-server-full.bundleConfigMap` | The name of the configmap to store the upstream bundle | `spire-bundle-upstream` |
| `external-root-spire-server-security.externalServer` | Set to true to setup the bundle configmap, rbac rules, and identity documents but doesn't deploy the server locally. Useful for external servers. | `true` |
| `external-root-spire-server-security.nameOverride` | Name override | `root-server` |
| `external-root-spire-server-security.crNameOverride` | Custom Resource name override | `root` |
| `external-root-spire-server-security.controllerManager.enabled` | Enable controller manager and provision CRD's | `true` |
| `external-root-spire-server-security.controllerManager.validatingWebhookConfiguration.enabled` | Disable only when you have another instance on the k8s cluster with webhooks enabled. | `false` |
| `external-root-spire-server-security.controllerManager.className` | specify to use an explicit class name. | `spire-mgmt-external-server` |
| `external-root-spire-server-security.nodeAttestor.k8sPsat.serviceAccountAllowList` | Allowed service accounts for Psat nodeattestor | `[]` |
| `external-root-spire-server-security.nodeAttestor.k8sPSAT.serviceAccountAllowList` | Allowed service accounts for PSAT nodeattestor | `[]` |
| `external-root-spire-server-security.bundleConfigMap` | The name of the configmap to store the upstream bundle | `spire-bundle-upstream` |

### Spire server parameters
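Review bot: The context row for `external-root-spire-server-full.controllerManager.identities.clusterSPIFFEIDs.oidc-discovery-provider.enabled` is described as "Enable the test-keys identity", the same text as the `test-keys.enabled` row directly below it, and the `root-spire-server` row in the previous hunk has the same copy-paste. While these tables are being touched, the description should name the oidc-discovery-provider identity; if the README is generated from the `## @param` comments in values.yaml, fix it there so it does not regress.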
Expand All @@ -350,6 +350,6 @@ Now you can interact with the Spire agent socket from your own application. The
| `external-spire-server.upstreamAuthority.spire.enabled` | Enable upstream SPIRE server | `true` |
| `external-spire-server.upstreamAuthority.spire.upstreamDriver` | Use an upstream driver for authentication | `upstream.csi.spiffe.io` |
| `external-spire-server.upstreamAuthority.spire.server.nameOverride` | The name override setting of the root SPIRE server | `root-server` |
| `external-spire-server.notifier.k8sbundle.enabled` | Enable local k8s bundle uploader | `false` |
| `external-spire-server.nodeAttestor.k8sPsat.enabled` | Enable Psat k8s nodeattestor | `false` |
| `external-spire-server.notifier.k8sBundle.enabled` | Enable local k8s bundle uploader | `false` |
| `external-spire-server.nodeAttestor.k8sPSAT.enabled` | Enable PSAT k8s nodeattestor | `false` |
| `external-spire-server.nodeAttestor.joinToken.enabled` | Enable the join_token nodeattestor | `true` |
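Review bot: The two renames here follow different casing rules: `k8sbundle` becomes `k8sBundle` (camelCase) while `k8sPsat` becomes `k8sPSAT` (acronym fully upper-cased), and the neighbouring `joinToken` row describes the plugin by its `join_token` name. Please state the key-naming convention once in the README so future parameters follow it. The descriptions also still say "nodeattestor" as one lower-case word, which could be changed to "node attestor" in the same pass.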
20 changes: 10 additions & 10 deletions charts/spire-nested/values.yaml
Expand Up @@ -246,8 +246,8 @@ root-spire-server:
## @param root-spire-server.externalControllerManagers.enabled Flag to enable external controller managers
enabled: true
nodeAttestor:
k8sPsat:
## @param root-spire-server.nodeAttestor.k8sPsat.serviceAccountAllowList [array] Allowed service accounts for Psat nodeattestor
k8sPSAT:
## @param root-spire-server.nodeAttestor.k8sPSAT.serviceAccountAllowList [array] Allowed service accounts for PSAT nodeattestor
serviceAccountAllowList:
- spire-agent-upstream
## @param root-spire-server.bundleConfigMap The name of the configmap to store the upstream bundle
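Review bot: The `k8sPSAT:` key under `root-spire-server.nodeAttestor` only takes effect if the templates and the aliased server chart read the new spelling, and those files are not among the lines shown here. Please confirm the consumer of `serviceAccountAllowList` was renamed in the same commit, otherwise the `spire-agent-upstream` default set in this hunk is never rendered into the server configuration and the allow list falls back to whatever the server chart defaults to.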
Expand Down Expand Up @@ -284,8 +284,8 @@ external-root-spire-server-full:
## @param external-root-spire-server-full.controllerManager.identities.clusterSPIFFEIDs.test-keys.enabled Enable the test-keys identity
enabled: false
nodeAttestor:
k8sPsat:
## @param external-root-spire-server-full.nodeAttestor.k8sPsat.serviceAccountAllowList [array] Allowed service accounts for Psat nodeattestor
k8sPSAT:
## @param external-root-spire-server-full.nodeAttestor.k8sPSAT.serviceAccountAllowList [array] Allowed service accounts for PSAT nodeattestor
serviceAccountAllowList:
- spire-agent-upstream
## @param external-root-spire-server-full.bundleConfigMap The name of the configmap to store the upstream bundle
Expand All @@ -308,8 +308,8 @@ external-root-spire-server-security:
## @param external-root-spire-server-security.controllerManager.className specify to use an explicit class name.
className: spire-mgmt-external-server
nodeAttestor:
k8sPsat:
## @param external-root-spire-server-security.nodeAttestor.k8sPsat.serviceAccountAllowList [array] Allowed service accounts for Psat nodeattestor
k8sPSAT:
## @param external-root-spire-server-security.nodeAttestor.k8sPSAT.serviceAccountAllowList [array] Allowed service accounts for PSAT nodeattestor
serviceAccountAllowList:
- spire-agent-upstream
## @param external-root-spire-server-security.bundleConfigMap The name of the configmap to store the upstream bundle
Expand Down Expand Up @@ -385,12 +385,12 @@ external-spire-server:
## @param external-spire-server.upstreamAuthority.spire.server.nameOverride The name override setting of the root SPIRE server
nameOverride: root-server
notifier:
k8sbundle:
## @param external-spire-server.notifier.k8sbundle.enabled Enable local k8s bundle uploader
k8sBundle:
## @param external-spire-server.notifier.k8sBundle.enabled Enable local k8s bundle uploader
enabled: false
nodeAttestor:
k8sPsat:
## @param external-spire-server.nodeAttestor.k8sPsat.enabled Enable Psat k8s nodeattestor
k8sPSAT:
## @param external-spire-server.nodeAttestor.k8sPSAT.enabled Enable PSAT k8s nodeattestor
enabled: false
joinToken:
## @param external-spire-server.nodeAttestor.joinToken.enabled Enable the join_token nodeattestor
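Review bot: The `enabled` flags under `notifier.k8sBundle` and `nodeAttestor.k8sPSAT` default to `false`, so a deployment that set `k8sPsat.enabled: true` or `k8sbundle.enabled: true` under the old keys would have that plugin switched off after upgrade without any error, leaving only `joinToken` attestation active. Consider a template-time guard that stops the install when an old key is present, for example `{{- if hasKey .Values.nodeAttestor "k8sPsat" }}{{ fail "nodeAttestor.k8sPsat was renamed to nodeAttestor.k8sPSAT" }}{{- end }}` in the server chart (the value path is a suggestion, adjust to where the chart reads it), with the same check for `k8sbundle`.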
