Explore the challenges and learnings from Uber's large-scale migration of SPIFFE IDs across thousands of nodes in this 15-minute conference talk. Dive into the complexities of changing SPIFFE ID formats for various workload classes, understanding service-to-service authorization mechanisms, and updating authorization policies. Learn about the potential impacts on SPIRE control plane reliability, obstacles like hard-coded SPIFFE IDs, and the lack of preferred identity selection. Gain valuable insights into choosing an optimal SPIFFE ID format and selectors, and discover strategies to avoid similar migration issues in the future. Benefit from Uber's experience in evolving their identity platform and core infrastructure model.
Changing the SPIFFE ID of Every SPIRE-Enabled Workload at Uber - Challenges and Learnings
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Intro
Agenda
Background
A SPIRE Registration
Problem Statement
Approach-2
Challenges
Migration steps
Learnings
New SPIFFE ID format
Taught by
CNCF [Cloud Native Computing Foundation]
