apiVersion: v1 kind: ConfigMap metadata: name: {{ template "appmesh-spire-server.fullname" . }} labels: {{ include "appmesh-spire-server.labels" . | indent 4 }} data: server.conf: | server { bind_address = "{{ .Values.config.bindAddress }}" bind_port = "{{ .Values.config.bindPort }}" socket_path = "{{ .Values.config.socketPath }}" trust_domain = "{{ .Values.config.trustDomain }}" data_dir = "/run/spire/data" log_level = "{{ .Values.config.logLevel }}" ca_key_type = "rsa-2048" default_svid_ttl = "{{ .Values.config.svidTTL }}" ca_subject = { country = ["US"], organization = ["SPIFFE"], common_name = "", } } plugins { DataStore "sql" { plugin_data { database_type = "sqlite3" connection_string = "/run/spire/data/datastore.sqlite3" } } NodeAttestor "k8s_psat" { plugin_data { clusters = { "frontend-k8s-cluster" = { service_account_allow_list = ["spire:spire-agent-front"] kube_config_file = "/etc/kubeconfig/frontend/frontend.conf" }, "backend-k8s-cluster" = { service_account_allow_list = ["spire:spire-agent-back"] kube_config_file = "/etc/kubeconfig/backend/backend.conf" } } } } KeyManager "disk" { plugin_data { keys_path = "/run/spire/data/keys.json" } } Notifier "k8sbundle" { plugin_data { } } }