handle enrollment with identity from SPIRE agent #112
We need to know the best way to inject an identity from SPIRE to a pod. One way is to run `spire-agent` in the container. There may be a SPIRE Operator we can use.

Once the best way is identified we need to handle that identity during `ziti-host` pod startup to establish a pattern for charts that represent an endpoint (SDK or tunneler). This could mean conditionally performing the external CA enrollment with the external CA JWT and the cert and key provided by SPIRE.

Comments

So I came across this issue when googling for ziti + spire, and while I don't have specific ideas about the ziti integration with spire, I am aware of some tooling around solving the issue of getting the spire identities into pods. There is also a new kubernetes built-in for distributing and housekeeping certs: I'm very much in the thick of things and haven't had time to investigate fully into either of these solutions, but I think they might be good candidates. Also I think the second option I posted could potentially replace the Cert-Manager-Trust Operator (forgive me if that is not the correct name).
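The startup pattern the issue sketches (take the cert and key the SPIRE agent issues to the pod, and use them with the external-CA JWT to enroll, otherwise fall back to a plain one-time-token enrollment) as an added example. This script is not part of the openziti helm charts, SPIRE, or anything posted in the issue: the env var names, file paths, socket location and the `enroll.sh run` entrypoint convention are assumptions a chart would make configurable, and the `spire-agent api fetch x509 -write DIR` and `ziti edge enroll --cert/--key` invocations are the CLI forms I believe each tool supports; check them against the versions in your image.

```shell
#!/bin/sh
# Added example (not from the openziti charts or SPIRE): ziti-host startup step
# that enrolls with the X.509-SVID from the SPIRE agent when one is available
# (third-party-CA enrollment, "ottca"), else with the ordinary one-time token
# ("ott"). All paths and variable names below are assumptions for the example.
set -eu

ZITI_IDENTITY="${ZITI_IDENTITY:-/etc/ziti/identity.json}"    # persisted identity
ZITI_ENROLL_JWT="${ZITI_ENROLL_JWT:-/etc/ziti/enroll.jwt}"   # JWT issued by the controller
ZITI_ENROLL_METHOD="${ZITI_ENROLL_METHOD:-}"                  # optional pin: ott | ottca
SPIRE_SOCKET="${SPIRE_SOCKET:-/run/spire/sockets/agent.sock}" # SPIRE Workload API socket
SVID_DIR="${SVID_DIR:-/run/ziti/svid}"

# decide_mode IDENTITY JWT SOCKET [METHOD] -> prints skip | none | ottca | ott
# Side-effect free so the decision is testable without spire-agent or ziti.
decide_mode() {
  identity="$1"; jwt="$2"; socket="$3"; method="${4:-}"
  if [ -s "$identity" ]; then echo skip; return 0; fi   # already enrolled; the JWT is single use
  if [ ! -s "$jwt" ]; then echo none; return 0; fi      # nothing to enroll with
  case "$method" in
    ott|ottca) echo "$method"; return 0 ;;              # chart pinned the method explicitly
    "") ;;
    *) echo "unknown ZITI_ENROLL_METHOD: $method" >&2; return 1 ;;
  esac
  if [ -S "$socket" ]; then echo ottca; else echo ott; fi
}

# Fetch this workload's X.509-SVID from the SPIRE agent. With -write DIR the
# agent CLI writes svid.0.pem, svid.0.key and bundle.0.pem into DIR.
fetch_svid() {
  mkdir -p "$SVID_DIR" && chmod 700 "$SVID_DIR"
  spire-agent api fetch x509 -socketPath "$SPIRE_SOCKET" -write "$SVID_DIR"
  [ -s "$SVID_DIR/svid.0.pem" ] && [ -s "$SVID_DIR/svid.0.key" ] || {
    echo "SPIRE returned no SVID; is this pod covered by a SPIRE registration entry?" >&2
    return 1
  }
}

enroll() {
  mode="$(decide_mode "$ZITI_IDENTITY" "$ZITI_ENROLL_JWT" "$SPIRE_SOCKET" "$ZITI_ENROLL_METHOD")"
  case "$mode" in
    skip) echo "identity present at $ZITI_IDENTITY, skipping enrollment" ;;
    none) echo "no enrollment JWT at $ZITI_ENROLL_JWT and no identity" >&2; return 1 ;;
    ottca)
      fetch_svid
      # The JWT must belong to an identity created for the SPIRE CA that is
      # registered on the controller as a third-party CA; the SVID proves
      # possession of a key that CA signed.
      ziti edge enroll --jwt "$ZITI_ENROLL_JWT" \
        --cert "$SVID_DIR/svid.0.pem" --key "$SVID_DIR/svid.0.key" \
        --out "$ZITI_IDENTITY" ;;
    ott)
      ziti edge enroll --jwt "$ZITI_ENROLL_JWT" --out "$ZITI_IDENTITY" ;;
  esac
  [ -s "$ZITI_IDENTITY" ] && chmod 600 "$ZITI_IDENTITY"
}

# Only act when invoked as the entrypoint step, e.g. `enroll.sh run`.
case "${1:-}" in run) enroll ;; esac
```

The decision is kept in a pure function so the chart's behaviour (skip when an identity is already persisted, refuse when there is nothing to enroll with, prefer SPIRE when the agent socket is mounted) can be reasoned about and tested without either binary. Note that the two enrollment methods need different JWTs from the controller: autodetecting from the socket only works if the chart also provisions the matching kind of token, so pinning `ZITI_ENROLL_METHOD` per chart is the safer default.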