apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ template "appmesh-spire-server.fullname" . }} labels: {{ include "appmesh-spire-server.labels" . | indent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: app.kubernetes.io/name: {{ include "appmesh-spire-server.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} serviceName: spire-server template: metadata: labels: app.kubernetes.io/name: {{ include "appmesh-spire-server.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: appmesh spec: serviceAccountName: {{ include "appmesh-spire-server.serviceAccountName" . }} volumes: - name: spire-config configMap: name: {{ template "appmesh-spire-server.fullname" . }} - name: front-kubeconfig # ADDED VOLUME FOR FRONTEND KUBECONFIG configMap: name: front-kubeconfig - name: back-kubeconfig # ADDED VOLUME FOR BACKEND KUBECONFIG configMap: name: back-kubeconfig containers: - name: spire-server image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} args: - -config - /run/spire/config/server.conf ports: - containerPort: 8081 livenessProbe: exec: command: - /opt/spire/bin/spire-server - healthcheck failureThreshold: 2 initialDelaySeconds: 15 periodSeconds: 60 timeoutSeconds: 3 volumeMounts: - name: spire-config mountPath: /run/spire/config readOnly: true - name: spire-data mountPath: /run/spire/data readOnly: false - name: front-kubeconfig # ADDED VOLUME FOR FRONTEND KUBECONFIG mountPath: /etc/kubeconfig/frontend readOnly: true - name: back-kubeconfig # ADDED VOLUME FOR BACKEND KUBECONFIG mountPath: /etc/kubeconfig/backend readOnly: true volumeClaimTemplates: - metadata: name: spire-data namespace: spire spec: accessModes: - ReadWriteOnce resources: requests: storage: 1Gi