A workload is a single piece of software, deployed with a particular configuration for a single purpose; it may comprise multiple running instances of software, all of which perform the same task. A workload identity is a way for a workload to prove who it is and prove its authenticity to other workloads. Historically IP addresses were the standard way to identify workloads, however, in the modern and dynamic world of microservices and cloud architecture, IPs are no longer a practical method of identifying workloads. Additionally, managing a large number of workload identities across heterogeneous environments in a secure and timely manner is highly challenging. The Secure Production Identity Framework for Everyone (SPIFFE), is a set of open-source standards for creating workload identities that resolve the aforementioned challenges. SPIRE is a production-ready implementation of the SPIFFE APIs that performs node and workload attestation in order to securely issue workload identities. In this video, we will go over SPIFFE and SPIRE architecture.
Scripts: https://github.com/gary-RR/myYouTube_video_SPIFFE_SPIRE
Timecodes
0:00 -Intro (Workload and Workload Identity).
4:02 -Introduction to Secure Production Identity Framework for Everyone (SPIFFE).
5:39 -SPIFFE Components.
9:28 -SPIFFE Runtime Environment(SPIRE) Architecture.
11:14 -SPIRE Server.
17:00 -SPIRE Agent.
18:57 -Complete SPIFFE/SPIRE Lifecycle Walkthrough and Visualization (Kubernetes environment focused).
31:52 -Demos.
My Other Videos:
► Encrypt Client Communication to Kubernetes Services Leveraging Cert-Manage and Let’s Encrypt
https://youtu.be/pXEFZYl2Gu0
►Kubernetes Security, Part 4: Kubernetes Authentication (Part B: Open ID Connect Auth)
https://youtu.be/M9KABid_sCY
►Kubernetes Security, Part 3: Kubernetes Auth (Part A: Overview and X509 Client Certificate auth)
https://youtu.be/WZvPIoUyErM
►Kubernetes Security, Part 2: Managing POD Run Time Security
https://youtu.be/NNE9whCTp0g
► Istio Ambient Service Mesh
https://youtu.be/WPLVvwPGJvw
► Kubernetes Security, Part 1: Kubernetes Security Overview and Role Based Access Control (RBAC) in Detail
https://youtu.be/Qwkix9z8ywU
► Cilium Service Mesh
https://www.youtube.com/watch?v=-o6E8bYj-xw
► Cilium Kubernetes CNI Provider: Part 4, IP Routing Modes (Direct and Encapsulated)
https://youtu.be/j2aox7K-7wU
► Cilium Kubernetes CNI Provider, Part 3: Cluster Mesh
https://youtu.be/gkrPt0ZcCfo
►Cilium Kubernetes CNI Provider, Part 2: Security Policies and Observability Leveraging Hubble
https://youtu.be/5EcVrm01rAU
► Cilium Kubernetes CNI Provider, Part 1: Overview of eBPF and Cilium and the Installation Process https://youtu.be/aLq3O3l2LF4
► What is VXLAN and How It is Used as an Overlay Network in Kubernetes?
https://youtu.be/WMLSD2y2Ig4
► Managing Linux Log-ins, Users, and Machines in Active Directory (AD): Part 2- Join Linux Machines to AD:
https://youtu.be/1tgqdz3lw-k
► Managing Linux Log-ins, Users, and Machines in Active Directory (AD): Part 1- Setup AD:
https://youtu.be/ftxxO381-_Q
► Sharing Resources between Windows and Linux:
https://youtu.be/MzHX6eUlZfs
► Kubernetes kube-proxy Modes: iptables and ipvs, Deep Dive:
https://youtu.be/lkXLsD6-4jA
►Kubernetes: Configuration as Data: Environment Variables, ConfigMaps, and Secrets:
https://youtu.be/mjcNIaRDAsc
►Configuring and Managing Storage in Kubernetes:
https://youtu.be/U11YjaRvCd4
► Istio Service Mesh – Securing Kubernetes Workloads:
https://youtu.be/GFXjlPBsykM
► Istio Service Mesh – Intro
https://youtu.be/x_HRl-Ehvb8
► Understanding Kubernetes Networking. Part 6: Calico Network Policies:
https://youtu.be/sxB9-td1-F8
► Understanding Kubernetes Networking. Part 5: Intro to Kubernetes Network Policies:
https://youtu.be/vjhA9TJWw-k
► Understanding Kubernetes Networking. Part 4: Kubernetes Services:
https://youtu.be/BZk2HUKsxAQ
► Understanding Kubernetes Networking Part 3: Calico Kubernetes CNI Provider in depth:
https://youtu.be/vOo__3GqyxM
► Understanding Kubernetes Networking. Part 2: POD Network, CNI, and Flannel CNI: Plug-in:
https://www.youtube.com/watch?v=U35C0EPSwoY
►Understanding Kubernetes Networking. Part 1: Container Networking:
https://www.youtube.com/watch?v=ApeX6IAOfOc
► Setup a Linux-Windows (Calico based) Hybrid Kubernetes Cluster to Host .NET Containers:
https://youtu.be/DMKS43POa5s
► A Docker and Kubernetes tutorial for beginners:
A Docker and Kubernetes tutorial for beginners. - YouTube
► Setup a "Docker-less" Multi-node Kubernetes Cluster on Ubuntu Server:
https://youtu.be/H9YfKliGuUY
►Step by Step Instructions on Setting up Multi-Node Kubernetes Cluster on CentOS
https://www.youtube.com/watch?v=2Tr7hNW02fg
►Setup and Configure CentOS Linux Server on A Windows 10 Hypervisor
https://www.youtube.com/watch?v=CBfJXZitG-o