YoVDO

SPIFFE at GitHub

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Course Description

Overview

Explore SPIFFE implementation at GitHub in this 26-minute conference talk. Learn about the deployment of SPIRE and its plugin system integration with internal systems and tooling. Discover the motivation behind standardizing identity between workloads, the layered approach taken, and the challenges faced during initial setup. Gain insights into the improved SPIRE setup, including reprovisioning as a Systemd Unit, exposing the agent to pods, generating custom node selectors, and implementing the x509Pop NodeAttestor. Understand the SPIRE server configuration and custom NodeResolver plugin used at GitHub to empower teams in managing interoperable Production Identity documents.

Syllabus

Intro
Agenda
Motivation
Motivation: Make a single standard of identity between workloads a utility for teams
A Layered Approach
SPIRE Setup: Take One
DaemonSet Issues
- Availability: DaemonSet Pods are terminated before replacements are scheduled
- Race Conditions: Pod creation is unordered per Kube Node
- Dual Maintenance
SPIRE Setup: Take Two
- Reprovision SPIRE as a Systemd Unit: Availability
Exposing The Agent To Pods
Generating Custom Node Selectors
The x509Pop NodeAttestor
SPIRE Server Config Snippet
Custom NodeResolver Plugin
Custom Selectors


Taught by

CNCF [Cloud Native Computing Foundation]

Related Courses

Introducción a SPIFFE y SPIRE - Autenticando servicios nativos de la nube
Ekoparty Security Conference via YouTube
Road to SLSA3 - Non-falsifiable Provenance in Tekton with SPIFFE/SPIRE
Linux Foundation via YouTube
How SPIFFE Helps Istio in Service Mesh Federation
Linux Foundation via YouTube
Trust No System: The Unsettling Reality of Zero Trust
CNCF [Cloud Native Computing Foundation] via YouTube
Growing SPIFFE and SPIRE in 2023 and Beyond - Secure Identity Management Progress
CNCF [Cloud Native Computing Foundation] via YouTube