apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "appmesh-spire-server.fullname" . }}
  labels:
{{ include "appmesh-spire-server.labels" . | indent 4 }}
data:
  server.conf: |
    server {
      bind_address = "{{ .Values.config.bindAddress }}"
      bind_port = "{{ .Values.config.bindPort }}"
      socket_path = "{{ .Values.config.socketPath }}"
      trust_domain = "{{ .Values.config.trustDomain }}"
      data_dir = "/run/spire/data"
      log_level = "{{ .Values.config.logLevel }}"
      ca_key_type = "rsa-2048"

      default_svid_ttl = "{{ .Values.config.svidTTL }}"
      ca_subject = {
        country = ["US"],
        organization = ["SPIFFE"],
        common_name = "",
      }
    }

    plugins {
      DataStore "sql" {
        plugin_data {
          database_type = "sqlite3"
          connection_string = "/run/spire/data/datastore.sqlite3"
        }
      }

      NodeAttestor "k8s_psat" {
        plugin_data {
          clusters = {
            "frontend-k8s-cluster" = {
              service_account_allow_list = ["spire:spire-agent-front"]
              kube_config_file = "/etc/kubeconfig/frontend/frontend.conf"
            },
            "backend-k8s-cluster" = {
              service_account_allow_list = ["spire:spire-agent-back"]
              kube_config_file = "/etc/kubeconfig/backend/backend.conf"
            }
          }
        }
      }

      KeyManager "disk" {
        plugin_data {
          keys_path = "/run/spire/data/keys.json"
        }
      }

      Notifier "k8sbundle" {
        plugin_data {
        }
      }
    }