11 questions
1 vote, 1 answer, 258 views
Unable to connect to the postgres from spire server
I have to set up a spire server with postgres database as backend. I am following this document - https://spiffe.io/docs/latest/try/getting-started-k8s.
After the setup the spire server and the spire ...
0 votes, 1 answer, 740 views
Alternative authentication with SPIFFE/Spire
I'm interested in developing an alternative authentication method for authorizing an agent with Spire, one that involves authenticating the device based on a specific pattern (like the time it takes to ...
0 votes, 1 answer, 4k views
Getting java.lang.NoClassDefFoundError for class io.grpc.netty.shaded.io.grpc.netty.NettyChannelBuilder
I am running a jar on spark slave with version spark-2.5.6-bin-hadoop where I am getting this error on submitting the jar
Exception occurred while create new JwtSource
java.lang.NoClassDefFoundError: ...
1 vote, 0 answers, 347 views
Azure AD workload identity federation with SPIFFE and SPIRE
I'm working on a demo to demonstrate Azure AD workload identity federation with SPIFFE and SPIRE. Following this blog. All the steps worked except the verification step. In the verification step - it ...
0 votes, 1 answer, 245 views
Spiffe error while deploying client-agent pods
I am using this guide for deploying Spiffe on K8s Cluster "https://spiffe.io/docs/latest/try/getting-started-k8s/"
One of the steps in this process is running the command "kubectl apply ...
0 votes, 0 answers, 492 views
mTLS between services running inside and outside a mesh using Istio's trust chain
I understand that I can configure Istio for its Citadel component to use a root x509 certificate + private key that I provide. Can I extend this system in a way that I also use the same root to issue ...
2 votes, 2 answers, 1k views
How to implement role-based auth with SPIFFE/SPIRE?
I'm in the process of vetting a move to service mesh. While Istio and Consul Connect are certainly still in the cards, I'm leaning towards building up from a bit lower level with Linkerd and SPIFFE/...
0 votes, 1 answer, 2k views
Istio metrics destination unknown
Scenario
Istio version 1.5.0 on top of EKS 1.14.
Enabled components:
Base
Pilot
NOTE Istio 1.5.0 deprecates Mixer, moved to telemetry v2, which happens inside the envoy proxy sidecar.
I want to use ...
0 votes, 2 answers, 498 views
Can SPIFFE/SPIRE Server be installed on GKE's any node?
Can SPIFFE/SPIRE Server be installed on GKE's any node? If yes, one node out of other nodes in cluster will have server and agents both installed. Is it required to have agent running on that node ...
1 vote, 2 answers, 2k views
Setting a custom call source header with Istio
I have a setup using Kubernetes and Istio where we run a set of services. Each of our services has an istio-sidecar and a REST-api. What we would like is that whenever a service within our setup ...
0 votes, 1 answer, 844 views
How does Istio implement this spec point of SPIFFE?
In the SPIFFE specification it is stated that
Since a workload in its early stages may have no prior knowledge of
its identity or whom it should trust, it is very difficult to secure
access to ...