Sample App Mesh SPIRE Server Helm chart for Kubernetes
Add the EKS repository to Helm:
helm repo add eks https://aws.github.io/eks-charts
Install App Mesh SPIRE Server:
helm upgrade -i appmesh-spire-server eks/appmesh-spire-server \
--namespace spire
The configuration section lists the parameters that can be configured during installation.
To uninstall/delete the appmesh-spire-server
deployment:
helm delete appmesh-spire-server --namespace spire
The command removes all the Kubernetes components associated with the chart and deletes the release.
The following tables lists the configurable parameters of the chart and their default values.
Parameter | Description | Default |
---|---|---|
config.trustDomain |
SPIRE Trust Domain | appmesh.aws |
config.logLevel |
Log Level | DEBUG |
config.svidTTL |
SVID TTL value | 1h |
config.bindAddress |
SPIRE Server Bind Address | 0.0.0.0 |
config.bindPort |
SPIRE Server Bind Port | 8081 |
serviceAccount.create |
If true , create a new service account |
true |
serviceAccount.name |
Service account to be used | spire-server |
config.plugin |
SPIRE Plugin(s) | null |
image.tag |
SPIRE Server image version | 1.5.0 |
To add plugins to the SPIRE server according to the documentation, use the following convention
config:
plugin: |
NodeAttestor "tpm" {
plugin_cmd = "/path/to/plugin_cmd"
plugin_checksum = "sha256 of the plugin binary"
plugin_data {
ca_path = "/opt/spire/.data/certs"
}
}
If you want to upgrade existing SPIRE to a later version without down time, be aware that the difference between SPIRE Agent and SPIRE Server CANNOT BE GREATER than 1 minor version. Also you have to upgrade 1 minor version at a time. Check this documentation for more info.