Uniform Workload Identity Everywhere - SPIRE Integrations and Extensibility


CNCF [Cloud Native Computing Foundation] via YouTube

Uniform Workload Identity Everywhere: SPIRE Integrations and Extensibility Ryan Turner, Uber



  1. Uniform Workload Identity Everywhere: SPIRE Integrations and Extensibility. Ryan Turner, Uber
  2. Common Integration Challenges: Virtual • Using multiple environments (public and/or private clouds) • Proprietary tooling and infrastructure • Mix of legacy and cloud-native applications • Enforcing uni…
  3. Open-source implementation of the SPIFFE specification • Control plane for identity distribution/rotation • Scalable distributed system
  4. Controlling select functionality and security properties • Consumption of SPIRE-issued identity • Downstream integrations • Simplifying propagation of SVIDs • Using SVID as authentication material for extern…
  5. Applies to: Server • Synchronizes upstream PKI chain/keys with SPIRE • Handles CSRs for SPIRE CA • Optionally accepts SPIRE JWT signing keys • Available built-in plugins
  6. Applies to: Server, Agent • Authenticates a node (physical or virtual) in the infrastructure • Challenge-response protocol • Defines bridge of trust between host identity system and SPIRE • Built-in pl…
  7. Selectors can be based on host metadata or be static • Enables distribution of identities to more finely-grained subsets of hosts • Alias registration entries matching node selectors can be used to
  8. WorkloadAttestor. Applies to: Agent • Interrogates trusted system for attributes of process • Matches workload metadata to selectors of identity registrations • Example authorities: OS kernel, orchestra…
  9. Private key generation • Computes digital signatures of data • Built-in plugins
  10. Plugin interfaces defined in proto/spire/agent, server • Implement respective plugin interface • Add HCL config stanza for respective component(s) (Server and/or Agent) • Example for custom NodeAttestor…
  11. Envoy mTLS using X.509 SVIDs • SPIRE Workload API implements Envoy SDS • OIDC Federation • Authenticate to external services with SVIDs • Example using a JWT-SVID to invoke AWS APIs
  12. Agentless mode • Enables serverless use cases • Integration with Apache data projects
