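# Kustomize overlay for deploying Guildhouse SPIRE plugins.
#
# This overlay patches the base SPIRE deployment to include plugin binaries
# and configuration. Apply on top of the standard SPIRE Helm chart or
# kustomize base.
#
# How it works: in each patched workload an init container copies plugin
# binaries from the plugin image into an emptyDir volume named "plugins",
# and the main SPIRE container mounts that volume read-only at
# /opt/spire/plugins.
#
# Supply-chain note: whatever the plugin image contains ends up on a path
# inside the SPIRE server and agent pods, so the image reference is part of
# the trust boundary of the identity system. See the NOTE(review) comments
# on the image lines below.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

# NOTE(review): no base is listed here. The patches below only take effect
# once the SPIRE base (or rendered chart output) is added as a resource.
resources: []

# Plugin binaries are distributed as a container image.
# Mount them into the SPIRE server/agent pods via an init container.
#
# NOTE(review): both targets select kind Deployment. Confirm this matches the
# workload kinds in the base being patched (SPIRE servers and agents are often
# shipped as StatefulSet/DaemonSet); a target that matches nothing leaves the
# workload without the plugin volume.
patches:
  - target:
      kind: Deployment
      name: spire-server
    patch: |
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: spire-server
      spec:
        template:
          spec:
            initContainers:
              - name: guildhouse-plugins
                # NOTE(review): ":latest" is a mutable tag, so the binaries
                # delivered to the SPIRE server can change without any change
                # to this manifest. Pin by digest once a release digest is
                # available, e.g.
                #   ghcr.io/guildhouse-cooperative/spire-plugins@sha256:<DIGEST_PLACEHOLDER>
                # and verify the image signature/provenance at admission.
                image: ghcr.io/guildhouse-cooperative/spire-plugins:latest
                # NOTE(review): the destination directory already exists (it
                # is the volume mount), so "cp -r /plugins/ ..." is expected
                # to nest the source as /opt/spire/plugins/plugins/. Confirm
                # the plugin paths in the server config agree, or copy
                # "/plugins/." instead.
                command: ["cp", "-r", "/plugins/", "/opt/spire/plugins/"]
                # The init container only copies files onto the mounted
                # volume; it needs no capabilities, no privilege escalation
                # and no writable root filesystem.
                securityContext:
                  allowPrivilegeEscalation: false
                  readOnlyRootFilesystem: true
                  capabilities:
                    drop: ["ALL"]
                volumeMounts:
                  - name: plugins
                    mountPath: /opt/spire/plugins
            containers:
              - name: spire-server
                volumeMounts:
                  # Read-only so the running server cannot modify the plugin
                  # binaries after the init container has placed them.
                  - name: plugins
                    mountPath: /opt/spire/plugins
                    readOnly: true
            volumes:
              - name: plugins
                emptyDir: {}

  - target:
      kind: Deployment
      name: spire-agent
    patch: |
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: spire-agent
      spec:
        template:
          spec:
            initContainers:
              - name: guildhouse-plugins
                # NOTE(review): same mutable ":latest" tag as the server
                # patch; pin by digest, e.g.
                #   ghcr.io/guildhouse-cooperative/spire-plugins@sha256:<DIGEST_PLACEHOLDER>
                image: ghcr.io/guildhouse-cooperative/spire-plugins:latest
                # Only the oidc-attestor binary is copied into the agent pod.
                command: ["cp", "/plugins/oidc-attestor", "/opt/spire/plugins/"]
                # Copy-only container: drop everything it does not need.
                securityContext:
                  allowPrivilegeEscalation: false
                  readOnlyRootFilesystem: true
                  capabilities:
                    drop: ["ALL"]
                volumeMounts:
                  - name: plugins
                    mountPath: /opt/spire/plugins
            containers:
              - name: spire-agent
                volumeMounts:
                  # Read-only so the running agent cannot modify the plugin
                  # binary after the init container has placed it.
                  - name: plugins
                    mountPath: /opt/spire/plugins
                    readOnly: true
            volumes:
              - name: plugins
                emptyDir: {}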