diff --git a/charts/spire-crds/templates/spire.spiffe.io_clusterspiffeids.yaml b/charts/spire-crds/templates/spire.spiffe.io_clusterspiffeids.yaml index b29ad62c..2f348948 100644 --- a/charts/spire-crds/templates/spire.spiffe.io_clusterspiffeids.yaml +++ b/charts/spire-crds/templates/spire.spiffe.io_clusterspiffeids.yaml @@ -71,6 +71,9 @@ spec: items: type: string type: array + hint: + description: Set the entry hint + type: string jwtTtl: description: JWTTTL indicates an upper-bound time-to-live for JWT SVIDs minted for this ClusterSPIFFEID. diff --git a/charts/spire/charts/spire-server/templates/controller-manager-cluster-ids.yaml b/charts/spire/charts/spire-server/templates/controller-manager-cluster-ids.yaml index e3774c9e..1973bdab 100644 --- a/charts/spire/charts/spire-server/templates/controller-manager-cluster-ids.yaml +++ b/charts/spire/charts/spire-server/templates/controller-manager-cluster-ids.yaml @@ -30,7 +30,7 @@ matchLabels: {{ $namespaces := list .Release.Namespace .Values.namespaceOverride (dig "spire" "namespaces" "server" "name" "" .Values.global) (dig "spire" "namespaces" "system" "name" "" .Values.global) | compact | uniq }} {{- range $key, $value := .Values.controllerManager.identities.clusterSPIFFEIDs }} {{- range $skey, $svalue := $value }} -{{- if not (has $skey (list "name" "annotations" "labels" "enabled" "type" "admin" "dnsNameTemplates" "downstream" "federatesWith" "jwtTTL" "namespaceSelector" "podSelector" "spiffeIDTemplate" "ttl" "workloadSelectorTemplates" "autoPopulateDNSNames" "fallback")) }} +{{- if not (has $skey (list "name" "annotations" "labels" "enabled" "type" "admin" "dnsNameTemplates" "downstream" "federatesWith" "jwtTTL" "namespaceSelector" "podSelector" "spiffeIDTemplate" "ttl" "workloadSelectorTemplates" "autoPopulateDNSNames" "fallback" "hint")) }} {{- fail (printf "Unsupported property specified: %s" $skey) }} {{- end }} {{- end }} 
@@ -63,6 +63,13 @@ metadata: {{- end }} spec: className: {{ include "spire-server.controller-manager-class-name" $root | quote }} + {{- if hasKey $value "hint" }} + {{- if ne $value.hint "" }} + hint: {{ $value.hint }} + {{- end }} + {{- else }} + hint: {{ $key }} + {{- end }} {{- if and (hasKey $value "spiffeIDTemplate") (ne (len $value.spiffeIDTemplate) 0) }} spiffeIDTemplate: {{ $value.spiffeIDTemplate | quote }} {{- else }} diff --git a/charts/spire/charts/spire-server/values.yaml b/charts/spire/charts/spire-server/values.yaml index daa82b0e..81999760 100644 --- a/charts/spire/charts/spire-server/values.yaml +++ b/charts/spire/charts/spire-server/values.yaml @@ -630,6 +630,8 @@ controllerManager: autoPopulateDNSNames: false ## @param controllerManager.identities.clusterSPIFFEIDs.default.fallback Apply this ID only if there are no other matching non fallback ClusterSPIFFEIDs fallback: true + # Set what hint to use. If unset, it will be asigned the clusterSPIFFEID name. If set to "", it will be unset. Any other value will set the hint to exactly what is specified. + # hint: "" child-servers: ## @param controllerManager.identities.clusterSPIFFEIDs.child-servers.enabled Enable this identity for controller manager
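Review bot: Both new `hint:` lines in controller-manager-cluster-ids.yaml render the value unquoted, while `className` and `spiffeIDTemplate` next to them go through `| quote`. A hint such as `true` or `123`, or one containing `: ` or ` #`, would be re-typed or split by the YAML parser after rendering. The CRD in this same commit declares `hint` as `type: string`, so the object would likely be rejected or carry a different value than the one written in values. Use `hint: {{ $value.hint | quote }}` and `hint: {{ $key | quote }}`. The fallback to `$key` also means every existing ClusterSPIFFEID gains a hint on upgrade unless `hint: ""` is set, which is worth a line in the release notes because workloads holding several SVIDs may select by hint.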
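Review bot: The new values.yaml comment has a typo, `asigned` should be `assigned`, and it is a plain `#` comment while the neighbouring keys are documented with `## @param …` lines, so the option may not appear in any generated parameter docs. The commented sample `# hint: ""` is the value that removes the hint, so someone who uncomments it gets the opt-out rather than the default. A sample such as `# hint: "my-hint"` (constructed example) or one more sentence saying that uncommenting the line as-is disables the hint would avoid the surprise.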