Merge pull request #95 from carverauto/85-install-spire-server
85 install spire server
mfreeman451 authored Dec 18, 2024
2 parents adbc77f + 8d691b2 commit f234a6d
Showing 3 changed files with 44 additions and 6 deletions.
15 changes: 15 additions & 0 deletions k8s/spire/base/README.md
@@ -1,5 +1,18 @@
# spire server setup

## Setup secret

```yaml
apiVersion: v1
kind: Secret
metadata:
name: spire-postgres
namespace: spire
type: Opaque
stringData:
DB_PASSWORD: ""
```
## Create server
```shell
@@ -22,3 +35,5 @@ kubectl exec -n spire spire-server-0 -- \
-selector k8s:ns:default \
-selector k8s:sa:default
```


8 changes: 5 additions & 3 deletions k8s/spire/base/server-configmap.yaml
@@ -18,15 +18,15 @@ data:
ca_subject = {
country = ["US"],
organization = ["Carver Automation Corporation"],
common_name = "",
common_name = "tunnel.threadr.ai",
}
}
plugins {
DataStore "sql" {
plugin_data {
database_type = "sqlite3"
connection_string = "/run/spire/data/datastore.sqlite3"
database_type = "postgres"
connection_string = "dbname=spire user=spire password=__DB_PASSWORD__ host=cluster-pg-rw.cnpg-system.svc.cluster.local port=5432 sslmode=disable"
}
}
@@ -50,6 +50,8 @@ data:
Notifier "k8sbundle" {
plugin_data {
namespace = "spire"
config_map = "spire-bundle"
}
}
}
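Review bot: The new Postgres `connection_string` in the DataStore "sql" block sets `sslmode=disable`, so the substituted database password and all SPIRE datastore traffic (registration entries, attested-node records) cross the cluster network unencrypted, and the server never authenticates the database endpoint. The host name `cluster-pg-rw.cnpg-system` suggests a CloudNativePG cluster, which normally serves TLS; if so, I would end the string with `sslmode=verify-full sslrootcert=<path-to-mounted-CA-bundle>` and mount the cluster CA into the server pod. Separately, `__DB_PASSWORD__` is spliced into a space-delimited keyword=value string, so a password containing spaces, quotes or backslashes would need quoting; noting that constraint next to the Secret in the README would avoid a confusing startup failure.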
27 changes: 24 additions & 3 deletions k8s/spire/base/server-statefulset.yaml
@@ -18,6 +18,25 @@ spec:
app: spire-server
spec:
serviceAccountName: spire-server
initContainers:
- name: init-config
image: busybox
command: ['sh', '-c']
args:
- |
cp /config-template/server.conf /config/server.conf
sed -i "s|__DB_PASSWORD__|$DB_PASSWORD|g" /config/server.conf
env:
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: spire-postgres
key: DB_PASSWORD
volumeMounts:
- name: spire-config-template
mountPath: /config-template
- name: generated-config
mountPath: /config
containers:
- name: spire-server
image: ghcr.io/spiffe/spire-server:1.5.1
@@ -27,7 +46,7 @@ spec:
ports:
- containerPort: 8081
volumeMounts:
- name: spire-config
- name: generated-config
mountPath: /run/spire/config
readOnly: true
- name: spire-data
@@ -48,9 +67,11 @@ spec:
initialDelaySeconds: 5
periodSeconds: 5
volumes:
- name: spire-config
- name: spire-config-template
configMap:
name: spire-server
- name: generated-config
emptyDir: {}
volumeClaimTemplates:
- metadata:
name: spire-data
@@ -60,4 +81,4 @@ spec:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storage: 1Gi
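Review bot: The `init-config` init container uses `image: busybox` with no tag or digest, so each pod start can pull whatever `latest` currently resolves to, and that image receives `DB_PASSWORD` in its environment; pin it, e.g. `image: busybox:<tag>@sha256:<digest>`. In the same container, `sed -i "s|__DB_PASSWORD__|$DB_PASSWORD|g"` treats the secret as a sed replacement string, so a password containing `|`, `&` or `\` yields a broken or silently wrong `server.conf`; either document a restricted password alphabet or escape those characters before substituting. The rendered file holds the plaintext password in the `generated-config` emptyDir, so consider `emptyDir: {medium: Memory}` there to keep it off node disk.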
