Running SPIRE in Large Scale, Enterprise-Grade Environments

Explore the practical aspects of running SPIRE in large-scale, enterprise-grade environments in this 31-minute conference talk by Andrew Harding from HPE. Delve into key topics such as high availability, nested deployment for multiple availability zones, integration with upstream certificate authorities, observability, and monitoring. Gain valuable insights on trust domains, database management, failure scenarios, agent internals, and TLS implementation. Learn about SPIFFE bundles, multizone deployment strategies, upstream authorities, and the advantages they offer. Discover the intricacies of nested SPIRE setups, SPIRE federation, and trust domain management. Whether you're already using SPIRE at scale or considering its implementation as your infrastructure grows, this talk provides essential knowledge for navigating the complexities of SPIRE in enterprise environments.

Introduction
Agenda
Trust Domain
Database
Failure scenarios
Agent internals
TLS
Svids
Summary
Zones
SPiffy Bundle
Multizone Deployment
Upstream Authority
Bundles
Jot Signing Keys
Upstream Authority Advantages
Nested SPIRE
Upstream SPIRE
SPIRE Federation
SPIRE Bundle Endpoint
Trust Domains
Recap
Outro