Skip to main content

Deploy SPIRL Trust Domain Servers

You'll use SPIRL Trust Domain Servers Helm chart to deploy SPIRL Trust Domain Servers in your Kubernetes cluster.

Here is an example of the Helm chart values file. You should adjust it to your needs.

# SPIRL Trust Domain Server Settings

trustDomainDeployment:
  # Trust domain and ID come from "spirlctl trust-domain register" command.
  # You can always find them again using "spirlctl trust-domain list"
  trustDomainName: "spirl.example.com"
  trustDomainID: "td-diok4t8ahq"

  # The trust domain deployment ID is generated when creating the deployment
  # in the previous step.
  id: "tdd-nnlo6k3t3o"

  # The "name" corresponds to the value passed to "deployment create" during deployment
  # creation in the previous step.
  name: "us-west-2"

controlPlane:
  auth:
    key:
      # Trust Domain Key ID from "spirlctl trust-domain register" command output
      id: "tdk-jj6lzk6pep"
      # Private Key from "spirlctl trust-domain key create" command output
      pem: |
        -----BEGIN PRIVATE KEY-----
        MC4CAQAwBQYDK2VwBCIEIOeg6Cet10sqNY0dPHV3MXKNyxGgrmKeMN0PZKGS+6iB
        -----END PRIVATE KEY-----

# Venafi Integration settings
venafi:
  firefly:
    # Set values from your Venafi account
    clientID: 69d68ca3-9498-11ee-b560-6abasd6fd152
    policyName: SPIRL-venafi-demo
    image: registry.venafi.cloud/public/venafi-images/firefly:v1.4.2
    # This is your Venafi Root CA, which needs to be provided separately
    # because it is not distributed by Firefly.
    trustAnchorPem: |
      -----BEGIN CERTIFICATE-----
        your root CA certificate here
      -----END CERTIFICATE-----
    # Set your Venafi service account private key.
    svcAccKeyPem: |
      -----BEGIN PRIVATE KEY-----
        your private key from the Venafi Firefly service account
      -----END PRIVATE KEY-----

Download the latest SPIRL Trust Domain Server Helm Chart

You can download the latest version of the Helm chart by running the following command.

helm pull oci://ghcr.io/spirl/charts/spirl-server -d .

Deploy SPIRL Trust Domain Servers

You can deploy SPIRL Trust Domain Servers using the following command. Note that:

  1. The --namespace value must contain the trustDomainDeploymentID defined in values.yaml
  2. The helm RELEASE argument must equal the trustDomainDeployment.id defined in values.yaml
helm upgrade --install --namespace $YOUR_TD_DEPLOYMENT_ID-example \
--create-namespace \
--values ./values.yaml \
$YOUR_TD_DEPLOYMENT_ID ./spirl-server-0.14.0.tgz

The command should produce output similar to the following:

Release "tdd-nnlo6k3t3o" does not exist. Installing it now.
NAME: tdd-nnlo6k3t3o
LAST DEPLOYED: Tue Dec 19 08:28:26 2023
NAMESPACE: tdd-nnlo6k3t3o-example
STATUS: deployed
REVISION: 1
TEST SUITE: None