Deep Dive: SPIFFE – Scott Emmons & Emiliano Bernbaum, Scytale

SPIFFE (Secure Production Identity Framework For Everyone) is an open source standard for giving identities to services in dynamic and heterogeneous environments. SPIRE (SPIFFE Runtime Environment) is an implementation of SPIFFE that can be deployed to attest service workloads and the infrastructure that runs them. Is it best to deploy SPIRE components in daemonsets, statefulsets, or regular container deployments? How should configmaps be used to configure the SPIRE server and agent? How is the SPIRE agent deployed and configured so the workload API is available to service containers? What is the recommended mechanism for persisting SPIRE data for resiliency and security? In this deep dive, we’ll discuss these best practices plus more suggestions and recommendations for deploying SPIRE in Kubernetes.

sched.co/MPk9