A Helm chart to provide an opinionated deployment of Trustee in a validated pattern
This chart is intended for use with the coco-pattern and other validated patterns.
It is one of three charts that are intended to be used together:
- trustee intended to deploy the Key Broker Service (KBS) and related infrastructure (this chart)
  - This should be deployed on an ACM hub cluster
- sandboxed-containers intended to be deployed on an ACM spoke cluster where there is access to confidential hardware
- sandboxed-policies intended to be deployed on an ACM hub cluster which pushes policies to the spoke cluster.
In order to use this chart, you will need to:
- Have a security policy created and available. This is a container security policy that will be used to verify the inside a kata vm.
- Have a public key created and available. This is a public key that will be used to authenticate the KBS management API.
- Have a list of secret resources to be added to the KBS as a list of name, key pairs where key is the path to the secret in the secret store. These will be used to authenticate the KBS management API.

| Key | Type | Default | Description |
|---|---|---|---|
| global.secretStore.backend | string | "" |  |
| kbs.publicKey | string | "secret/data/hub/kbsPublicKey" |  |
| kbs.secretResources | list | [] |  |
| kbs.securityPolicy | string | "secret/data/hub/securityPolicyConfig" |  |
| secretStore.kind | string | "" |  |
| secretStore.name | string | "" |  |

Autogenerated from chart metadata using helm-docs v1.14.2