![CNCF [Cloud Native Computing Foundation]](https://ccweb.imgix.net/https%3A%2F%2Fwww.classcentral.com%2Fimages%2Flogos%2Finstitutions%2Fcncf-cloud-native-computing-foundation-hz.png?auto=format&h=60&ixlib=php-4.1.0&s=1e85fe5fab5e6a4ac78cf3bd240fe0f0){kind=small}
Explore SPIFFE implementation at GitHub in this 26-minute conference talk. Learn about the deployment of SPIRE and its plugin system integration with internal systems and tooling. Discover the motivation behind standardizing identity between workloads, the layered approach taken, and the challenges faced during initial setup. Gain insights into the improved SPIRE setup, including reprovisioning as a Systemd Unit, exposing the agent to pods, generating custom node selectors, and implementing the x509Pop NodeAttestor. Understand the SPIRE server configuration and custom NodeResolver plugin used at GitHub to empower teams in managing interoperable Production Identity documents.
Overview
Syllabus
Intro
Agenda Motivation
Motivation Make a single standard of identity between workloads a utility for teams
A Layered Approach
SPIRE Setup: Take One
DaemonSet Issues Availability - Daemon Set Pods are terminated before replacements scheduled Race Conditions - Pod creation is unordered per Kube Node Dual Maintenance
SPIRE Setup: Take Two Reprovision SPIRE as a Systemd Unit - Availability
Exposing The Agent To Pods
Generating Custom Node Selectors
The x509Pop NodeAttestor SPIRE Server Config Snippet
Custom NodeResolver Plugin
Custom Selectors
Taught by
CNCF [Cloud Native Computing Foundation]
![CNCF [Cloud Native Computing Foundation]](https://ccweb.imgix.net/https%3A%2F%2Fwww.classcentral.com%2Fimages%2Flogos%2Finstitutions%2Fcncf-cloud-native-computing-foundation-hz.png?auto=format&h=40&ixlib=php-4.1.0&s=41ac519a3d7def6c705637a8ae3c06c4){kind=small}
