We need to know the best way to inject an identity from SPIRE to a pod. One way is to run spire-agent in the container. There may be a SPIRE Operator we can use.
Once the best way is identified we need to handle that identity during ziti-host pod startup to establish a pattern for charts that represent an endpoint (SDK or tunneler).
This could mean conditionally performing the external CA enrollment with the external CA JWT and the cert and key provided by SPIRE.
So I came across this issue when googling for ziti + spire, and while I don't have specific ideas about the ziti integration with spire, I am aware of some tooling around solving the issue of getting the spire identities into pods.
One option is the spiffe-helper: https://github.com/spiffe/spiffe-helper
which I would imagine is probably the ideal solution.
I'm very much in the thick of things and haven't had time to investigate fully into either of these solutions, but I think they might be good candidates. Also, I think the second option I posted could potentially replace the Cert-Manager-Trust Operator (forgive me if that is not the correct name).