This example demonstrates how to deploy the SPIFFE CSI Driver into a Kubernetes cluster and how to consume the Workload API Unix Domain Socket it provides from a SPIFFE-aware workload.
- Start a Kubernetes cluster via Kind:
  $ kind create cluster

- Build the example workload image and load it into Kind:
  $ ./build-and-load-workload-image.sh

- Deploy SPIRE and the SPIFFE CSI Driver (which resides in the same DaemonSet as the SPIRE Agent):
  $ ./deploy-spire-and-csi-driver.sh

- Register the example workload with SPIRE Server:
  $ ./register-workload.sh

- Deploy the workload:
  $ kubectl apply -f config/workload.yaml

- Check the workload logs to see the update received over the Workload API:
  $ kubectl logs pod/example-workload
  You should see something like:
  2021/11/23 18:46:33 Update:
  2021/11/23 18:46:33 SVIDs:
  2021/11/23 18:46:33 spiffe://example.org/workload
  2021/11/23 18:46:33 Bundles:
  2021/11/23 18:46:33 example.org (1 authorities)

- Delete the Kubernetes cluster:
  $ kind delete cluster
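
How a workload pod typically consumes the Workload API socket through the driver, as an added example (not the contents of this project's config/workload.yaml). The image name, mount path and socket file name are assumptions; the pod name matches the one used in the log command above, and `csi.spiffe.io` is the driver name.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: example-workload
spec:
  containers:
    - name: example-workload
      # Assumed image name; use whatever the build-and-load script produced.
      image: example-workload:latest
      imagePullPolicy: Never          # image was loaded into Kind, not pulled
      env:
        # SPIFFE-aware libraries read the socket location from this variable.
        # The socket file name (spire-agent.sock) is an assumption and must
        # match the SPIRE Agent's configured socket name.
        - name: SPIFFE_ENDPOINT_SOCKET
          value: unix:///spiffe-workload-api/spire-agent.sock
      volumeMounts:
        - name: spiffe-workload-api
          mountPath: /spiffe-workload-api   # assumed mount path
          readOnly: true
      securityContext:
        # The workload only needs to connect to the socket, so it can run
        # without extra privileges.
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
  volumes:
    - name: spiffe-workload-api
      # Ephemeral inline CSI volume: the driver mounts the directory holding
      # the Workload API socket into the pod, so the pod spec needs no
      # hostPath volume.
      csi:
        driver: "csi.spiffe.io"
        readOnly: true                # the driver requires read-only volumes
```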