Giters

azdagron / spiffe-example

Code for various SPIFFE and SPIRE demos

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

SPIFFE examples

This repository contains infrastructure for development and demos as well as automated demos for each SPIRE release

Demonstrations

simple_verification - SVID Verification with Ghostunnel

This demo shows a Ghostunnel connection validating SPIFFE certificates.

rosemary - UNIX Attestation and Ghostunnel Verification

Demonstrates two workloads communicating over mutually authenticated Ghostunnel using SVIDs generated through UNIX attestation by UID.

beatrice - Kubernetes Attestation and Ghostunnel verification

Demonstrates two workloads communicating over mutually authenticated Ghostunnel endpoints using SVIDs automatically provisioned to an attested Kubernetes Pod.

cadfael - AWS Attestation and Envoy Verification

Demonstrates two workloads communicating via mutually authenticated Envoys using SVIDs generated through AWS instance attestation.

drew - Server and Agent Scale and Performance

Demonstrates 100 workloads on 100 servers managed by one spire-server

dupin - nginx with SPIFFE support

Demonstrates the use of the SPIFFE Workload API to automatically get X.509 certificates natively in nginx, with no helper. Connections are accepted or rejected based on allowed SPIFFE IDs.

java-spiffe - java with SPIFFE support

Demonstrates the use of the SPIFFE Workload API to dynamically update the X509 certificates of a custom KeyStore in a Java Security Provider. Connections are established using mTLS validating SPIFFE IDs

java-keystore-tomcat - Tomcat using a SPIFFE based KeyStore

Demonstrates two Tomcats using a SPIFFE based KeyStore and TrustStore that handles SVID certificates that gets from the WorkloadAPI. Connections are established using mTLS validating SPIFFE IDs.

java-spiffe-federation-jboss - JBOSS and NGINX on Federated Trust Domains

Shows a Federation scenario with two trust-domains, one having a JBOSS Wildfly Server connecting to a PostgreSQL database proxied by a NGNIX running on the other trust-domain.

Infrastructure

vagrant_k8s - Local Kubernetes with Vagrant

Creates a Kubernetes master and >=1 node in separate Vagrant VMs.

vagrant_db - Local MariaDB "bare metal" with Vagrant

ec2 - AWS EC2 with Terraform

Provisions a VPC with three EC2 instances with proper IAM instance roles for the aws-resolver plugin.

About

Code for various SPIFFE and SPIRE demos

Languages

Language:Java 23.6%Language:Shell 22.2%Language:HCL 15.5%Language:Dockerfile 14.2%Language:Go 7.4%Language:Python 6.9%Language:Makefile 4.9%Language:Ruby 2.7%Language:HTML 1.3%Language:Roff 1.2%