SPIFFE at GitHub
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore SPIFFE implementation at GitHub in this 26-minute conference talk. Learn about the deployment of SPIRE and its plugin system integration with internal systems and tooling. Discover the motivation behind standardizing identity between workloads, the layered approach taken, and the challenges faced during initial setup. Gain insights into the improved SPIRE setup, including reprovisioning as a Systemd Unit, exposing the agent to pods, generating custom node selectors, and implementing the x509Pop NodeAttestor. Understand the SPIRE server configuration and custom NodeResolver plugin used at GitHub to empower teams in managing interoperable Production Identity documents.
Syllabus
Intro
Agenda Motivation
Motivation Make a single standard of identity between workloads a utility for teams
A Layered Approach
SPIRE Setup: Take One
DaemonSet Issues Availability - Daemon Set Pods are terminated before replacements scheduled Race Conditions - Pod creation is unordered per Kube Node Dual Maintenance
SPIRE Setup: Take Two Reprovision SPIRE as a Systemd Unit - Availability
Exposing The Agent To Pods
Generating Custom Node Selectors
The x509Pop NodeAttestor SPIRE Server Config Snippet
Custom NodeResolver Plugin
Custom Selectors
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Software as a ServiceUniversity of California, Berkeley via Coursera Software Defined Networking
Georgia Institute of Technology via Coursera Pattern-Oriented Software Architectures: Programming Mobile Services for Android Handheld Systems
Vanderbilt University via Coursera Web-Technologien
openHPI Données et services numériques, dans le nuage et ailleurs
Certificat informatique et internet via France Université Numerique