Overview
Explore the implementation of secure workload identity in production environments using SPIRE in this conference talk from KubeCon + CloudNativeCon Europe 2022. Discover how SPIRE, a CNCF Incubating project, provides short-lived, automatically rotated identities for workloads based on the SPIFFE specification. Learn about the core design of SPIRE and its application in cloud-native architectures to enhance defense-in-depth. Gain insights into the journey of service organizations, from three-tier architectures to microservices, and understand the fundamentals of SPIFFE, including workload identity description, SPIFFE ID anatomy, and X.509-SVID structure. Delve into SPIRE's architecture, registration process, and workload attestation. Conclude with an overview of upcoming features that expand SPIRE's capabilities as a production identity platform and discover resources for further learning about SPIFFE and SPIRE.
Syllabus
Intro
Journey of a Services Organization
v1: Three-Tier Architecture
v2: Microservices Architecture
Where Do We Go from Here?
Workload Identity with SPIFFE
SPIFFE 101
Q: How does SPIFFE describe a workload identity?
Anatomy of a SPIFFE ID
Anatomy of an X.509-SVID
Anatomy of a JWT-SVID
Intro to SPIRE
SPIRE Architecture
A Day in the Life of an X.509-SVID
Anatomy of a SPIRE Registration
Workload Attestation
What We've Seen So Far
What's Coming Next in SPIRE
Learn More about SPIFFE/SPIRE
Taught by
CNCF [Cloud Native Computing Foundation]