The Production Identity Control Plane - Recommended Practices for SPIFFE-SPIRE at Scale
CNCF [Cloud Native Computing Foundation] via YouTube
Syllabus
Intro
Credits: Solving the Bottom Turtle Booksprint
Agenda
Solving for the Bottom Turtle
PKI/Auth Pain points in Modern Applicatio
Reasons to use SPIFFE and SPIRE
SPIFFE in a turtleshell
Trust domains
SPIRE Server
SPIRE Agent
SPIRE Plugin Architecture
Node attestation
Workload Attestation
Security Boundaries: Workload Agent
Security Boundaries: Agent Server
Security Boundaries: Server Server
Single Trust Domain Deployment
Single Trust Domain High Availability
Nested SPIRE Deployment
Federated SPIRE
Enabling software thru SPIFFE-Aware Prom
Automated Registration Entries
Independent Islands vs Bridged Islands
Other Considerations for Scale
Taught by
CNCF [Cloud Native Computing Foundation]