This configuration is an example of a simple SPIRE 0.9.0 deployment for Kubernetes that uses SAT node attestor.
- The SPIRE server runs as a StatefulSet using a PersistentVolumeClaim.
- The SPIRE agent runs as a DaemonSet.
Both SPIRE agent and server run in the spire namespace, using service accounts of spire-server and spire-agent.
- Set trust_domain and the cluster name for the k8s SAT NodeAttestor.
- Modify the path in the k8s-sa-cert volume for SPIRE server as appropriate for your deployment - this is the certificate used to verify service accounts in the cluster. This example assumes minikube.
Start the server StatefulSet:
$ kubectl apply -f spire-server.yaml
Start the agent DaemonSet:
$ kubectl apply -f spire-agent.yaml