The Bottom Turtle Reference Architecture(s) #5206

Open
4 tasks
kfox1111 opened this issue Jun 10, 2024 · 7 comments
Assignees
Labels
triage/in-progress Issue triage is in progress

Comments

@kfox1111
Contributor

kfox1111 commented Jun 10, 2024

It should be possible to use SPIRE as the bottom turtle for security. In order to do so, there has to be one or more deployable, maintainable, scalable, fault-tolerant, and documented SPIRE architectures that do not rely on third-party roots of trust as part of the network communications/attestations.

The easiest-to-use multinode setup currently is the helm charts. The helm chart project has multiple documented reference architectures for SPIRE. But all of them rely on the Kubernetes cluster's pre-established control plane/node trust. So SPIRE isn't the bottom turtle in those environments. The K8s CA is.

We need:

  • One or more examples, from the ground up, that are able to establish the bottom turtle(s) in an internet-disconnected environment
  • Procedures around establishing trust and re-establishing trust when broken (e.g., CA rotation too fast and nodes powered off for too long)
  • Procedures for scaling up the number of nodes in that environment without a lot of work
  • A set of issues to raise for features that will make the use case of those architectures better

Other considerations:

  • Recovery should be O(1) or as close as possible. Touching every node in a 100 or 1,000+ node data center won't work.

@kfox1111
Contributor Author

For the sake of discussion, what could be done with a set of RPis with some kind of TPM, like:
https://wiki.52pi.com/index.php/EP-0149

@kfox1111
Contributor Author

Kubelet is gaining the ability to refresh server certs, merged but not released yet:
kubernetes/kubernetes#124574

Client auth can be done via JWT token.

No updating of CAs yet though.

@anvega
Member

anvega commented Jun 11, 2024

Thank you for raising this. I'm currently exploring alongside others the possibilities of using OpenTitan as the silicon root of trust to anchor and bootstrap trust.

Although my exploration is ongoing, I'm eager to collaborate and share my findings.

@amartinezfayo amartinezfayo added the triage/in-progress Issue triage is in progress label Jun 11, 2024
@edwbuck
Contributor

edwbuck commented Jun 11, 2024

> For sake of discussion, what could be done with a set of RPI's with some kind of TPM, like: https://wiki.52pi.com/index.php/EP-0149

I'm confused about the focus of the request, as using Raspberry PI TPMs is a deployment detail, not an architecture (at least in my mind).

If support for the "Infineon Optiga™ SLB 9670 TPM 2.0" is missing, and a pre-requisite for this effort, please consider handling that missing pre-req in a different issue (and linking the two).

@kfox1111
Contributor Author

@edwbuck For example, see:
https://www.hpe.com/psnow/doc/a00020437enw?jumpid=in_pdfviewer-psnow, page 4, "Reference Configuration overview" or page 5, "Hardware"

They go all the way down to an example of workable hardware in their reference.

The general idea being, reference architectures should be implementable. Having a concrete, working example helps test/prove it works.

@amartinezfayo amartinezfayo self-assigned this Jun 18, 2024
@amartinezfayo
Member

Thank you, @kfox1111, for raising this issue!

I agree that having a documented reference architecture to use SPIRE as the bottom turtle would be great to have. Additionally, providing a concrete, working example that includes all components would be highly beneficial as it ensures reproducibility. I think that it is important, however, to clearly differentiate between example-specific choices and general recommendations. I personally think that this reference should ideally mention alternative options where appropriate and explicitly state what has been tested.

From the points mentioned in the description, I believe the first point, 'One or more examples, from the ground up, that can establish the bottom turtle(s) in an internet-disconnected environment,' is probably the most important to start with? If you agree, we could begin by scoping out what this would entail. For instance, should it be purely documentation, or should we include a fully working example with automated steps, etc.

It appears that there are several individuals interested in contributing to this effort. Defining the specific environment and components of this first instance of a reference architecture seems to be the first step.

@kfox1111
Contributor Author

kfox1111 commented Jul 1, 2024

> From the points mentioned in the description, I believe the first point, 'One or more examples, from the ground up, that can establish the bottom turtle(s) in an internet-disconnected environment,' is probably the most important to start with? If you agree, we could begin by scoping out what this would entail. For instance, should it be purely documentation, or should we include a fully working example with automated steps, etc.

Yeah, that sounds good to me.

I'm thinking purely documentation, at least initially.

I'm also thinking something like an RPi for it, or one of the initial examples. They are cheap, and relatively easily obtained for anyone wanting to play with them at home.
