apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "appmesh-spire-server.fullname" . }}
  labels:
{{ include "appmesh-spire-server.labels" . | indent 4 }}
data:
  server.conf: |
    server {
      bind_address = "{{ .Values.config.bindAddress }}"
      bind_port = "{{ .Values.config.bindPort }}"
      socket_path = "/tmp/spire-server/private/api.sock"
      trust_domain = "{{ .Values.config.trustDomain }}"
      data_dir = "/run/spire/data"
      log_level = "{{ .Values.config.logLevel }}"
      ca_key_type = "rsa-2048"

      default_svid_ttl = "{{ .Values.config.svidTTL }}"
      ca_subject = {
        country = ["US"],
        organization = ["SPIFFE"],
        common_name = "",
      }
    }

    plugins {
      DataStore "sql" {
        plugin_data {
          database_type = "sqlite3"
          connection_string = "/run/spire/data/datastore.sqlite3"
        }
      }

      NodeAttestor "k8s_sat" {
        plugin_data {
          clusters = {
            "k8s-cluster" = {
              use_token_review_api_validation = true
              service_account_allow_list = ["spire:spire-agent"]
            }
          }
        }
      }

      KeyManager "disk" {
        plugin_data {
          keys_path = "/run/spire/data/keys.json"
        }
      }

      Notifier "k8sbundle" {
        plugin_data {
        }
      }
      
    {{ if .Values.config.plugin }}
    {{- .Values.config.plugin | nindent 6 -}}
    {{ end }}
    }