# Kustomize overlay for deploying Guildhouse SPIRE plugins.
#
# This overlay patches the base SPIRE deployment to include plugin binaries
# and configuration. Apply on top of the standard SPIRE Helm chart or
# kustomize base.
#
# How it works: each patch adds an init container that copies plugin
# binaries out of the plugin image into a shared emptyDir volume, which the
# SPIRE container then mounts read-only at /opt/spire/plugins.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

# No base is listed here, so the patches below have nothing to act on until
# a base that contains the target objects is added or this file is composed
# into one.
resources: []

# Plugin binaries are distributed as a container image.
# Mount them into the SPIRE server/agent pods via an init container.
#
# NOTE(review), applies to both patches:
# - The plugin image is referenced by the mutable tag `:latest`, so the
#   binaries copied into the SPIRE pods can change on any pod restart
#   without a change to this file. Pin the image by digest
#   (`...spire-plugins@sha256:<DIGEST_PLACEHOLDER>`) and, where the cluster
#   supports it, verify the image signature at admission.
# - Both targets use `kind: Deployment`. Upstream SPIRE manifests commonly
#   run the server as a StatefulSet and the agent as a DaemonSet; confirm
#   the kinds in the base, because a target that matches no resource may be
#   skipped without an error. Check the output of `kustomize build`.
# - The init containers set no securityContext; they inherit whatever the
#   pod-level settings of the base provide. Confirm that is restrictive
#   enough for a container that only needs to copy files.
patches:
  # SPIRE server: copy the whole /plugins directory into the shared volume.
  # NOTE(review): with GNU or BusyBox cp, `cp -r /plugins/ <existing dir>/`
  # places the files under /opt/spire/plugins/plugins/, whereas the agent
  # patch below places its binary directly under /opt/spire/plugins/.
  # Confirm the plugin paths in the server configuration match.
  - target:
      kind: Deployment
      name: spire-server
    patch: |
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: spire-server
      spec:
        template:
          spec:
            initContainers:
              - name: guildhouse-plugins
                image: ghcr.io/guildhouse-cooperative/spire-plugins:latest
                command: ["cp", "-r", "/plugins/", "/opt/spire/plugins/"]
                volumeMounts:
                  - name: plugins
                    mountPath: /opt/spire/plugins
            containers:
              - name: spire-server
                volumeMounts:
                  - name: plugins
                    mountPath: /opt/spire/plugins
                    readOnly: true
            volumes:
              - name: plugins
                emptyDir: {}
  # SPIRE agent: copy only the oidc-attestor binary into the shared volume.
  - target:
      kind: Deployment
      name: spire-agent
    patch: |
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: spire-agent
      spec:
        template:
          spec:
            initContainers:
              - name: guildhouse-plugins
                image: ghcr.io/guildhouse-cooperative/spire-plugins:latest
                command: ["cp", "/plugins/oidc-attestor", "/opt/spire/plugins/"]
                volumeMounts:
                  - name: plugins
                    mountPath: /opt/spire/plugins
            containers:
              - name: spire-agent
                volumeMounts:
                  - name: plugins
                    mountPath: /opt/spire/plugins
                    readOnly: true
            volumes:
              - name: plugins
                emptyDir: {}