The code in this repository is no longer maintained and is retained for historical purposes. For more information on how to use SPIRE with Kubernetes, please see the Getting Started Guide for Kubernetes.

This repo contains code and artifacts to integrate SPIRE and Kubernetes.

Integration goals include:

• Automatic injection of SPIRE sidecar containers in workloads deployed in the Kubernetes cluster
• Automatic mounting of a hostpath volume in sidecar container with a UDS where the workload API is exposed
• Automatic programming of entries in the SPIRE server for new workloads
• Establishing trust between SPIRE agent and SPIRE server using a Kubernetes-signed identity document

The design is being discussed in this document

src/spire-k8s/skbridge skbridge prototype

src/spire-k8s/node-attestor/ node attestor prototype

k8s-configs Kubernetes artifacts (webhook, csr roles, etc.)

keys Pre-generated keys, certificates, etc. to ease deployment

docs notes and instructions for each component