csi-driver-spiffe

csi-driver-spiffe is a Container Storage Interface (CSI) driver plugin for Kubernetes, designed to work alongside cert-manager.

It transparently delivers SPIFFE SVIDs (in the form of X.509 certificate key pairs) to mounting Kubernetes Pods.

The end result is that any and all Pods running in Kubernetes can securely request a SPIFFE identity document from a Trust Domain with minimal configuration.

These documents in turn have the following properties:

automatically renewed ✔️
private key never leaves the node's virtual memory ✔️
each Pod's document is unique ✔️
the document shares the same life cycle as the Pod and is destroyed on Pod termination ✔️

...
          volumeMounts:
          - mountPath: "/var/run/secrets/spiffe.io"
            name: spiffe
      volumes:
        - name: spiffe
          csi:
            driver: spiffe.csi.cert-manager.io
            readOnly: true

SPIFFE documents can then be used by Pods for mutual TLS (mTLS) or other authentication within their Trust Domain.

Documentation

Please follow the documentation at cert-manager.io for installing and using csi-driver-spiffe.

Name	Name	Last commit message	Last commit date
Latest commit amitlicht Merge pull request #3 from otterize/dependabot/go_modules/github.com/… Nov 25, 2024 a19eb82 · Nov 25, 2024 History 231 Commits
.github	.github	add go module and replace oci-image with oci-build and oci-publish	Mar 27, 2024
cmd	cmd	WIP	Oct 4, 2021
deploy	deploy	BOT: run 'make upgrade-klone' and 'make generate'	Mar 12, 2024
design	design	Add design for runtime configuration of issuers	Feb 22, 2024
internal	internal	fix staticcheck linter	Mar 27, 2024
make	make	BOT: run 'make upgrade-klone' and 'make generate'	Apr 8, 2024
test/e2e	test/e2e	fix staticcheck linter	Mar 27, 2024
.gitignore	.gitignore	migrate makefiles and CI/CD	Jan 10, 2024
.golangci.yaml	.golangci.yaml	remove unnecessary rules exclusions	Apr 4, 2024
CONTRIBUTING.md	CONTRIBUTING.md	WIP 3	Oct 4, 2021
LICENSE	LICENSE	BOT: run 'make upgrade-klone' and 'make generate'	Jan 18, 2024
Makefile	Makefile	BOT: run 'make upgrade-klone' and 'make generate'	Feb 26, 2024
OWNERS	OWNERS	chore: add thatsmrtalbot as reviewer	Jan 24, 2024
OWNERS_ALIASES	OWNERS_ALIASES	BOT: run 'make upgrade-klone' and 'make generate'	Jan 18, 2024
README.md	README.md	match website#1171 in README	Jan 25, 2023
SECURITY.md	SECURITY.md	Update links to cert-maanger/cert-manager in SECURITY.md and	Apr 30, 2022
go.mod	go.mod	Bump github.com/cert-manager/cert-manager from 1.14.4 to 1.15.4	Nov 20, 2024
go.sum	go.sum	Bump github.com/cert-manager/cert-manager from 1.14.4 to 1.15.4	Nov 20, 2024
klone.yaml	klone.yaml	BOT: run 'make upgrade-klone' and 'make generate'	Apr 8, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

csi-driver-spiffe

Documentation

About

Releases

Packages

Languages

License

otterize/csi-driver-spiffe

Folders and files

Latest commit

History

Repository files navigation

csi-driver-spiffe

Documentation

About

Resources

License

Security policy

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages