Workload Identity Part 1: Introduction to SPIFFE and SPIRE

Описание: A workload is a single piece of software, deployed with a particular configuration for a single purpose; it may comprise multiple running instances of software, all of which perform the same task. A workload identity is a way for a workload to prove who it is and prove its authenticity to other workloads. Historically IP addresses were the standard way to identify workloads, however, in the modern and dynamic world of microservices and cloud architecture, IPs are no longer a practical method of identifying workloads. Additionally, managing a large number of workload identities across heterogeneous environments in a secure and timely manner is highly challenging. The Secure Production Identity Framework for Everyone (SPIFFE), is a set of open-source standards for creating workload identities that resolve the aforementioned challenges. SPIRE is a production-ready implementation of the SPIFFE APIs that performs node and workload attestation in order to securely issue workload identities. In this video, we will go over SPIFFE and SPIRE architecture.

Scripts: https://github.com/gary-RR/myYouTube_...

Timecodes
0:00 -Intro (Workload and Workload Identity).
4:02 -Introduction to Secure Production Identity Framework for Everyone (SPIFFE).
5:39 -SPIFFE Components.
9:28 -SPIFFE Runtime Environment(SPIRE) Architecture.
11:14 -SPIRE Server.
17:00 -SPIRE Agent.
18:57 -Complete SPIFFE/SPIRE Lifecycle Walkthrough and Visualization (Kubernetes environment focused).
31:52 -Demos.

My Other Videos:
► Encrypt Client Communication to Kubernetes Services Leveraging Cert-Manage and Let’s Encrypt
   • Encrypt Client Communication to Kubernetes...  
►Kubernetes Security, Part 4: Kubernetes Authentication (Part B: Open ID Connect Auth)
   • Kubernetes Security, Part 4: Kubernetes Au...  
►Kubernetes Security, Part 3: Kubernetes Auth (Part A: Overview and X509 Client Certificate auth)
   • Kubernetes Security, Part 3: Kubernetes Au...  
►Kubernetes Security, Part 2: Managing POD Run Time Security
   • Kubernetes Security, Part 2: Managing POD ...  
► Istio Ambient Service Mesh
   • Istio Ambient Service Mesh  
► Kubernetes Security, Part 1: Kubernetes Security Overview and Role Based Access Control (RBAC) in Detail
   • Kubernetes Security, Part 1: Kubernetes Se...  
► Cilium Service Mesh
   • Cilium Service Mesh  
► Cilium Kubernetes CNI Provider: Part 4, IP Routing Modes (Direct and Encapsulated)
   • Cilium Kubernetes CNI Provider: Part 4, IP...  
► Cilium Kubernetes CNI Provider, Part 3: Cluster Mesh
   • Cilium Kubernetes CNI Provider, Part 3: Cl...  
►Cilium Kubernetes CNI Provider, Part 2: Security Policies and Observability Leveraging Hubble
   • Cilium Kubernetes CNI Provider, Part 2: Se...  
► Cilium Kubernetes CNI Provider, Part 1: Overview of eBPF and Cilium and the Installation Process    • Cilium Kubernetes CNI Provider, Part 1: Ov...  
► What is VXLAN and How It is Used as an Overlay Network in Kubernetes?
   • What is VXLAN and How It is Used as an Ove...  
► Managing Linux Log-ins, Users, and Machines in Active Directory (AD): Part 2- Join Linux Machines to AD:
   • Managing Linux Logins, Users, and Machines...  
► Managing Linux Log-ins, Users, and Machines in Active Directory (AD): Part 1- Setup AD:
   • Managing Linux Logins, Users, and Machines...  
► Sharing Resources between Windows and Linux:
   • Sharing Resources between Windows and Linux  
► Kubernetes kube-proxy Modes: iptables and ipvs, Deep Dive:
   • Kubernetes kube-proxy Modes: iptables and ...  
►Kubernetes: Configuration as Data: Environment Variables, ConfigMaps, and Secrets:
   • Kubernetes: Configuration as Data: Environ...  
►Configuring and Managing Storage in Kubernetes:
   • Configuring and Managing Storage (volumes)...  
► Istio Service Mesh – Securing Kubernetes Workloads:
   • Istio Service Mesh – Securing Kubernetes W...  
► Istio Service Mesh – Intro
   • Istio Service Mesh (sidecar-based)- Intro  
► Understanding Kubernetes Networking. Part 6: Calico Network Policies:
   • Understanding Kubernetes Networking. Part ...  
► Understanding Kubernetes Networking. Part 5: Intro to Kubernetes Network Policies:
   • Understanding Kubernetes Networking. Part ...  
► Understanding Kubernetes Networking. Part 4: Kubernetes Services:
   • Kubernetes services - (Understanding Kuber...  
► Understanding Kubernetes Networking Part 3: Calico Kubernetes CNI Provider in depth:
   • Understanding Kubernetes Networking Part 3...  
► Understanding Kubernetes Networking. Part 2: POD Network, CNI, and Flannel CNI: Plug-in:
   • Understanding Kubernetes Networking. Part ...  
►Understanding Kubernetes Networking. Part 1: Container Networking:
   • Видео  
► Setup a Linux-Windows (Calico based) Hybrid Kubernetes Cluster to Host .NET Containers:
   • Setup a Linux-Windows (Calico based) Hybri...  
► A Docker and Kubernetes tutorial for beginners:
A Docker and Kubernetes tutorial for beginners. - YouTube
► Setup a "Docker-less" Multi-node Kubernetes Cluster on Ubuntu Server:
   • Setup a "Docker-less" Multi-node Kubernete...  
►Step by Step Instructions on Setting up Multi-Node Kubernetes Cluster on CentOS
   • Step by Step Instructions on Setting up a ...  
►Setup and Configure CentOS Linux Server on A Windows 10 Hypervisor
   • Setup and Configure CentOS Linux Server on...