csi-driver-spiffe

csi-driver-spiffe is a Container Storage Interface (CSI) driver plugin for Kubernetes, designed to work alongside cert-manager.

It transparently delivers SPIFFE SVIDs (in the form of X.509 certificate key pairs) to mounting Kubernetes Pods.

The end result is that any and all Pods running in Kubernetes can securely request a SPIFFE identity document from a Trust Domain with minimal configuration.

These documents in turn have the following properties:

automatically renewed ✔️
private key never leaves the node's virtual memory ✔️
each Pod's document is unique ✔️
the document shares the same life cycle as the Pod and is destroyed on Pod termination ✔️

...
          volumeMounts:
          - mountPath: "/var/run/secrets/spiffe.io"
            name: spiffe
      volumes:
        - name: spiffe
          csi:
            driver: spiffe.csi.cert-manager.io
            readOnly: true

SPIFFE documents can then be used by Pods for mutual TLS (mTLS) or other authentication within their Trust Domain.

Documentation

Please follow the documentation at cert-manager.io for installing and using csi-driver-spiffe.

Name		Name	Last commit message	Last commit date
Latest commit History 229 Commits
.github		.github
cmd		cmd
deploy		deploy
design		design
internal		internal
make		make
test/e2e		test/e2e
.gitignore		.gitignore
.golangci.yaml		.golangci.yaml
CONTRIBUTING.md		CONTRIBUTING.md
LICENSE		LICENSE
Makefile		Makefile
OWNERS		OWNERS
OWNERS_ALIASES		OWNERS_ALIASES
README.md		README.md
SECURITY.md		SECURITY.md
go.mod		go.mod
go.sum		go.sum
klone.yaml		klone.yaml

License

otterize/csi-driver-spiffe

Folders and files

Latest commit

History

Repository files navigation

csi-driver-spiffe

Documentation

About

Resources

License

Stars

Watchers

Forks

Languages