Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/cert-manager/csi-driver-spiffe
A Kubernetes CSI plugin to automatically mount SPIFFE certificates to Pods using ephemeral volumes
https://github.com/cert-manager/csi-driver-spiffe
Last synced: about 1 month ago
JSON representation
A Kubernetes CSI plugin to automatically mount SPIFFE certificates to Pods using ephemeral volumes
- Host: GitHub
- URL: https://github.com/cert-manager/csi-driver-spiffe
- Owner: cert-manager
- License: apache-2.0
- Created: 2021-10-04T09:25:03.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2024-04-08T21:46:44.000Z (9 months ago)
- Last Synced: 2024-04-14T02:23:09.217Z (8 months ago)
- Language: Go
- Homepage: https://cert-manager.io/docs/usage/csi-driver-spiffe/
- Size: 720 KB
- Stars: 60
- Watchers: 10
- Forks: 15
- Open Issues: 8
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Security: SECURITY.md
Awesome Lists containing this project
- awesome-spiffe-spire - cert-manager csi-driver-spiffe
README
# csi-driver-spiffe
csi-driver-spiffe is a Container Storage Interface (CSI) driver plugin for
Kubernetes, designed to work alongside [cert-manager](https://cert-manager.io/).It transparently delivers [SPIFFE](https://spiffe.io/) [SVIDs](https://spiffe.io/docs/latest/spiffe-about/spiffe-concepts/#spiffe-verifiable-identity-document-svid)
(in the form of X.509 certificate key pairs) to mounting Kubernetes Pods.The end result is that any and all Pods running in Kubernetes can securely request
a SPIFFE identity document from a Trust Domain with minimal configuration.These documents in turn have the following properties:
- automatically renewed ✔️
- private key never leaves the node's virtual memory ✔️
- each Pod's document is unique ✔️
- the document shares the same life cycle as the Pod and is destroyed on Pod termination ✔️```yaml
...
volumeMounts:
- mountPath: "/var/run/secrets/spiffe.io"
name: spiffe
volumes:
- name: spiffe
csi:
driver: spiffe.csi.cert-manager.io
readOnly: true
```SPIFFE documents can then be used by Pods for mutual TLS (mTLS) or other authentication within their Trust Domain.
## Documentation
Please follow the documentation at [cert-manager.io](https://cert-manager.io/docs/projects/csi-driver-spiffe/)
for installing and using csi-driver-spiffe.## Release Process
The release process is documented in [RELEASE.md](RELEASE.md).