Secure microservices with centralized zero trust

Inspired

Conclusion

In this article I covered the important concepts of SPIFFE and SPIRE and deployed a simple application that uses SPIRE to implement mTLS between workloads. However, I haven't touched on many interesting aspects, such as integration with Open Policy Agent (OPA) policies, AWS OpenID Connect (OIDC), HashiCorp Vault, and the creation of your own dedicated attestation plugins. All of these subjects are covered by the documentation, and the helpful SPIRE Slack community is always willing to discuss these concepts, too.

Info

  1. Feldman, Daniel, et al. Solving The Bottom Turtle. 2020: https://spiffe.io/book
  2. Deploying a federated SPIRE architecture: https://spiffe.io/docs/latest/architecture/federation/readme/
  3. SPIFFE and SPIRE's home on the Internet: https://spiffe.io/
  4. SPIRE: https://spiffe.io/docs/latest/try/
  5. Quickstart for Kubernetes: https://spiffe.io/docs/latest/try/getting-started-k8s/
  6. SPIRE tutorials: https://github.com/spiffe/spire-tutorials
  7. SPIFFE CSI driver: https://github.com/spiffe/spiffe-csi
  8. SPIRE docs: https://github.com/spiffe/spire/blob/v1.5.1/doc/plugin_server_nodeattestor_k8s_psat.md

The Author

Abe Sharp heads the Customer Engineering team for the Ezmeral Runtime Enterprise at Hewlett Packard Enterprise. His team is actively supporting SPIRE for a number of major enterprise customers.
