Questions tagged [spiffe]

Use this tag for questions about standards related to SPIFFE or SPIRE; use spiffe-spire for questions about SPIRE deployments.

A set of security standards for establishing service identities, and the organization that governs them.

9 questions
2 votes, 2 answers

How to implement role-based auth with SPIFFE/SPIRE?

I'm in the process of vetting a move to service mesh. While Istio and Consul Connect are certainly still in the cards, I'm leaning towards building up from a bit lower level with Linkerd and SPIFFE/SPIRE. I want to build a 'hello world' mesh to test…
lmonninger
1 vote, 0 answers

Azure AD workload identity federation with SPIFFE and SPIRE

I'm working on a demo to demonstrate Azure AD workload identity federation with SPIFFE and SPIRE. Following this blog. All the steps worked except the verification step. In the verification step - it is supposed to fetch JWT token exchange for AD…
Ranjit
1 vote, 2 answers

Setting a custom call source header with Istio

I have a setup using Kubernetes and Istio where we run a set of services. Each of our services has an istio-sidecar and a REST-api. What we would like is that whenever a service within our setup calls another that the called service knows what…
0 votes, 1 answer

Getting java.lang.NoClassDefFoundError for class io.grpc.netty.shaded.io.grpc.netty.NettyChannelBuilder

I am running a jar on spark slave with version spark-2.5.6-bin-hadoop where I am getting this error on submitting the jar: Exception occurred while create new JwtSource java.lang.NoClassDefFoundError: Could not initialize class…
anand
0 votes, 1 answer

Spiffe error while deploying client-agent pods

I am using this guide for deploying Spiffe on K8s Cluster: "https://spiffe.io/docs/latest/try/getting-started-k8s/". One of the steps in this process is running the command "kubectl apply -f client-deployment.yaml" which deploys spiffe client…
0 votes, 0 answers

mTLS between services running inside and outside a mesh using Istio's trust chain

I understand that I can configure Istio for its Citadel component to use a root x509 certificate + private key that I provide. Can I extend this system in a way that I also use the same root to issue certificates to legacy workloads running in the…
CppNoob
0 votes, 1 answer

Istio metrics destination unknown

Scenario: Istio version 1.5.0 on top of EKS 1.14. Enabled components: Base, Pilot. NOTE: Istio 1.5.0 deprecates Mixer, moved to telemetry v2, which happens inside the envoy proxy sidecar. I want to use Istio to support some metrics out of the…
Tran Triet
0 votes, 2 answers

Can SPIFFE/SPIRE Server be installed on GKE's any node?

Can SPIFFE/SPIRE Server be installed on GKE's any node? If yes, one node out of other nodes in cluster will have server and agents both installed. Is it required to have agent running on that node also who is running SPIRE Server? Please explain.
0 votes, 1 answer

How does Istio implement this spec point of SPIFFE?

In the SPIFFE specification it is stated that Since a workload in its early stages may have no prior knowledge of its identity or whom it should trust, it is very difficult to secure access to the endpoint. As a result, the SPIFFE Workload…
Pasan W.