-
Epic
-
Resolution: Obsolete
-
Major
-
None
-
None
Provide federated identity management and new types of workload attestation through the integration with SPIRE. This does not include productisation of SPIRE yet, we're only adding necessary config options, code changes and documentation.
ACs:
- Workload certificates are provided by SPIRE through SDS
- When establishing a federation, root certificates have to be exchanged
- No hostPath mounts are being used by workload pods
- All unit, integration and acceptance tests pass
- relates to
-
MAISTRA-2316 Communicate cert chains automatically
-
- Backlog
-
1.
|
Generate SPIFFE ID for Envoy |
|
New | 
|
Unassigned |
2.
|
Integration with Istio/Envoy |
|
New |
|
Unassigned |
3.
|
Injection of SDS plugin |
|
New |
|
Unassigned |
4.
|
Workload usage without special permissions |
|
In Progress |
|
Brian Avery (Inactive) |
5.
|
Workload Registration |
|
New |
|
Unassigned |
6.
|
Deployment of Spire/SPIFFE node and cluster agent |
|
New |
|
Unassigned |
7.
|
Fix SPIFFE ID |
|
New |
|
Unassigned |
8.
|
isolation of tenants |
|
New |
|
Unassigned |
9.
|
transfer of trust bundles for federation |
|
New |
|
Unassigned |
10.
|
multiple trust bundles |
|
New |
|
Unassigned |