Service Mesh mTLS: DelegatedIdentity SPIFFE API #23968
Merged
Commits on Mar 7, 2023
-
Define a CertificateProvider interface
This adds an interface for a hive cell to use that provides the auth package with a way to receive and verify validity of certificates involved. Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>
-
This adds a dependency on the SPIFFE/SPIRE SDK to be used in the mTLS handling code. Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>
-
Add Spire delegate API as CertificateProvider
This adds an implementation of the Delegate API of a SPIRE server as a source for certificates to be used in an mTLS handhake. It will connect to the admin socket of a SPIRE agent where it will be able to get the certificates and keys in name of all Cilium workloads which are receiving an SVID from the controller. This is then cached in memory for the auth handler to request. Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.