The SPIRE Controller Manager configuration is defined here.
Beyond the standard controller manager configuration, the following fields are defined:
| Field | Required | Default | Description |
|---|---|---|---|
clusterName |
REQUIRED | The name of the cluster | |
trustDomain |
REQUIRED | The trust domain name for the cluster | |
clusterDomain |
OPTIONAL | The domain of the cluster, ie cluster.local. If not specified will attempt to auto detect. |
|
ignoreNamespaces |
OPTIONAL | ["kube-system", "kube-public", "spire-system"] |
Namespaces that the controllers should ignore |
validatingWebhookConfigurationName |
OPTIONAL | spire-controller-manager-webhook |
The name of the validating admission controller webhook to manage |
gcInterval |
OPTIONAL | 10s |
How often the SPIRE state is reconciled when the controller is otherwise idle. This impacts how quickly SPIRE state will converge after CRDs are removed or SPIRE state is mutated underneath the controller. |
spireServerSocketPath |
OPTIONAL | /spire-server/api.sock |
The path the the SPIRE Server API socket |