36 lines
1,008 B
YAML
36 lines
1,008 B
YAML
# SPIRE Agent configuration with Guildhouse OIDC Attestor plugin.
|
|
#
|
|
# This is a reference configuration — adapt paths and addresses for your cluster.
|
|
# See docs/deployment.md for full deployment instructions.
|
|
|
|
agent:
|
|
data_dir: /var/lib/spire/agent
|
|
log_level: INFO
|
|
server_address: spire-server.spire.svc.cluster.local
|
|
server_port: 8081
|
|
socket_path: /run/spire/sockets/agent.sock
|
|
trust_domain: guildhouse.example.org
|
|
|
|
plugins:
|
|
NodeAttestor:
|
|
k8s_psat:
|
|
plugin_data:
|
|
cluster: guildhouse
|
|
|
|
KeyManager:
|
|
memory:
|
|
plugin_data: {}
|
|
|
|
WorkloadAttestor:
|
|
# Standard Kubernetes workload attestation.
|
|
k8s:
|
|
plugin_data:
|
|
skip_kubelet_verification: false
|
|
|
|
# Guildhouse OIDC attestation — verifies workload OIDC tokens.
|
|
guildhouse_oidc:
|
|
plugin_cmd: /opt/spire/plugins/oidc-attestor
|
|
plugin_data:
|
|
issuer: https://keycloak.guildhouse.example.org/realms/platform
|
|
audience: spire
|
|
token_path: /var/run/secrets/oidc/token
|