The code in this repository is no longer maintained and is retained for historical purposes. For more information on how to use SPIRE with Kubernetes, please see the Getting Started Guide for Kubernetes.
This repo contains code and artifacts to integrate SPIRE and Kubernetes.
Integration goals include:
- Automatic injection of SPIRE sidecar containers into workloads deployed in the Kubernetes cluster
- Automatic mounting of a hostPath volume into the sidecar container, containing the Unix domain socket (UDS) on which the Workload API is exposed
- Automatic programming of entries in the SPIRE server for new workloads
- Establishing trust between the SPIRE agent and the SPIRE server using a Kubernetes-signed identity document
The design is being discussed in this document.
Repository layout:
- src/spire-k8s/skbridge: skbridge prototype
- src/spire-k8s/node-attestor/: node attestor prototype
- k8s-configs: Kubernetes artifacts (webhook, CSR roles, etc.)
- keys: Pre-generated keys, certificates, etc. to ease deployment
- docs: Notes and instructions for each component