« Previous 1 2 3 4
Secure microservices with centralized zero trust
Inspired
Conclusion
In this article I covered the important concepts of SPIFFE and SPIRE and deployed a simple application that uses SPIRE to implement mTLS between workloads. However, I haven't touched on many interesting aspects, such as integration with Open Policy Agent (OPA) policies, AWS OpenID Connect (OIDC), HashiCorp Vault, and the creation of your own dedicated attestation plugins. All of these subjects are covered by the documentation, and the helpful SPIRE Slack community is always willing to discuss these concepts, too.
Infos
- Feldman, Daniel, et al. Solving The Bottom Turtle. 2020: https://spiffe.io/book]
- Deploying a federated SPIRE architecture: https://spiffe.io/docs/latest/architecture/federation/readme/
- PIFFE and SPIRE's home on the Internet: https://spiffe.io/
- SPIRE: https://spiffe.io/docs/latest/try/
- Quickstart for Kubernetes: https://spiffe.io/docs/latest/try/getting-started-k8s/
- SPIRE tutorials: https://github.com/spiffe/spire-tutorials
- SPIFFE CSI driver: https://github.com/spiffe/spiffe-csi
- SPIRE docs: https://github.com/spiffe/spire/blob/v1.5.1/doc/plugin_server_nodeattestor_k8s_psat.md
The Author
Abe Sharp heads the Customer Engineering team for the Ezmeral Runtime Enterprise at Hewlett Packard Enterprise. His team is actively supporting SPIRE for a number of major enterprise customers.
« Previous 1 2 3 4
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Sustainable Kubernetes with Project Kepler
Measure, predict, and optimize the carbon footprint of your containerized workloads. -
Rancher manages lean Kubernetes workloads
The Rancher lightweight alternative to Red Hat's OpenShift gives admins a helping hand when entering the world of Kubernetes, but with major differences in architecture. -
Rancher Kubernetes management platform
Rancher has set up shop as an agile alternative to Red Hat OpenShift as an efficient way to manage Kubernetes clusters. In terms of the architecture, a Rancher setup differs significantly from classic Kubernetes. -
Containers made simple
The Portainer graphical management interface makes it easy to deploy containers, relieving you of huge amounts of routine work you would normally have to handle with Docker, Podman, or Kubernetes. However, the licensing structure leaves something to be desired. -
Zero-Ops Kubernetes with MicroK8s
A zero-ops installation of Kubernetes with MicroK8s operates on almost no compute capacity and roughly 700MB of RAM.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
