Skip to content

Commit a7e8785

Browse files
kfox1111faisal-memon
kfox1111
authored and
faisal-memon
committed
Add another missing one
Signed-off-by: Kevin Fox <[email protected]>
1 parent 3778597 commit a7e8785

File tree

3 files changed

+4
-0
lines changed

3 files changed

+4
-0
lines changed

charts/spire/charts/spire-server/README.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -239,6 +239,7 @@ In order to run Tornjak with simple HTTP Connection only, make sure you don't cr
239239
| `controllerManager.identities.ttl` | Indicates an upper-bound time-to-live for X509 SVIDs. If unset, the cluster default will be chosen. | `""` |
240240
| `controllerManager.identities.jwtTTL` | Indicates an upper-bound time-to-live for JWT SVIDs. If unset, the cluster default will be chosen. | `""` |
241241
| `controllerManager.identities.admin` | Indicates any pod matched by this identity will be an admin. Use this with extreme care. | `false` |
242+
| `controllerManager.identities.downstream` | | Set if this spire instance is a root server and the workloads are downstream servers. | `false` |
242243
| `controllerManager.validatingWebhookConfiguration.failurePolicy` | Action when identity is not issued | `Fail` |
243244
| `tools.kubectl.image.registry` | The OCI registry to pull the image from | `docker.io` |
244245
| `tools.kubectl.image.repository` | The repository within the registry | `rancher/kubectl` |

charts/spire/charts/spire-server/templates/controller-manager-cluster-ids.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -35,5 +35,6 @@ spec:
3535
jwtTtl: {{ . | quote }}
3636
{{- end }}
3737
admin: {{ .identities.admin }}
38+
downstream: {{ .identities.downstream }}
3839
{{- end }}
3940
{{- end }}

charts/spire/charts/spire-server/values.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -467,6 +467,8 @@ controllerManager:
467467
jwtTTL: ""
468468
## @param controllerManager.identities.admin Indicates any pod matched by this identity will be an admin. Use this with extreme care.
469469
admin: false
470+
## @param controllerManager.identities.downstream | Set if this spire instance is a root server and the workloads are downstream servers.
471+
downstream: false
470472

471473
validatingWebhookConfiguration:
472474
## @param controllerManager.validatingWebhookConfiguration.failurePolicy Action when identity is not issued

0 commit comments

Comments
 (0)