SPIFFE at GitHub
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore SPIFFE implementation at GitHub in this 26-minute conference talk. Learn about the deployment of SPIRE and its plugin system integration with internal systems and tooling. Discover the motivation behind standardizing identity between workloads, the layered approach taken, and the challenges faced during initial setup. Gain insights into the improved SPIRE setup, including reprovisioning as a Systemd Unit, exposing the agent to pods, generating custom node selectors, and implementing the x509Pop NodeAttestor. Understand the SPIRE server configuration and custom NodeResolver plugin used at GitHub to empower teams in managing interoperable Production Identity documents.
Syllabus
Intro
Agenda Motivation
Motivation Make a single standard of identity between workloads a utility for teams
A Layered Approach
SPIRE Setup: Take One
DaemonSet Issues Availability - Daemon Set Pods are terminated before replacements scheduled Race Conditions - Pod creation is unordered per Kube Node Dual Maintenance
SPIRE Setup: Take Two Reprovision SPIRE as a Systemd Unit - Availability
Exposing The Agent To Pods
Generating Custom Node Selectors
The x509Pop NodeAttestor SPIRE Server Config Snippet
Custom NodeResolver Plugin
Custom Selectors
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Introduction to Cloud Infrastructure TechnologiesLinux Foundation via edX Scalable Microservices with Kubernetes
Google via Udacity Google Cloud Fundamentals: Core Infrastructure
Google via Coursera Introduction to Kubernetes
Linux Foundation via edX Fundamentals of Containers, Kubernetes, and Red Hat OpenShift
Red Hat via edX