Skip to content

Files

Failed to load latest commit information.

Latest commit

 Cannot retrieve latest commit at this time.

History

History

example

README.md

SPIFFE CSI Driver Example

This example demonstrates how to deploy the SPIFFE CSI Driver into a Kubernetes cluster and how to consume the Workload API Unix Domain Socket it provides from a SPIFFE-aware workload.

Prerequisites

Steps

  1. Start a Kubernetes cluster via Kind:

    $ kind create cluster
    
  2. Build the example workload image and load it into Kind:

    $ ./build-and-load-workload-image.sh
    
  3. Deploy SPIRE and the SPIFFE CSI Driver (which resides in the same DaemonSet as the SPIRE Agent):

    $ ./deploy-spire-and-csi-driver.sh
    
  4. Register the example workload with SPIRE Server:

    $ ./register-workload.sh
    
  5. Deploy the workload:

    $ kubectl apply -f config/workload.yaml
    
  6. Check the workload logs to see the update received over the Workload API:

    $ kubectl logs pod/example-workload
    

    You should see something like:

    2021/11/23 18:46:33 Update:
    2021/11/23 18:46:33   SVIDs:
    2021/11/23 18:46:33     spiffe://example.org/workload
    2021/11/23 18:46:33   Bundles:
    2021/11/23 18:46:33     example.org (1 authorities)
    
  7. Delete the Kubernetes cluster:

    $ kind delete cluster