Hello, and welcome to SPIRE examples!
This repository houses various SPIFFE/SPIRE deployment and integration examples. All examples are self contained, and come with instructions on how to use them.
The SPIRE project is growing rapidly, and new features are released often. In order to ensure the accuracy of accompanying documentation, each example is written against a specific version of SPIRE. All examples are regularly tested against the stated SPIRE version, but are likely to work with newer versions as well.
Examples showing how SPIRE integrates with Envoy.
- Envoy SDS Integration with SPIRE 1.5.1 Use SPIRE to deliver and rotate X509-SVIDs for Envoy
Examples showing how to deploy SPIRE on Kubernetes. There are several configuration possibilities.
- Simple SAT with SPIRE 1.5.1 - This is a simple configuration using the Kubernetes service account token (SAT) attestor that deploys SPIRE server as a StatefulSet and SPIRE agent as a DaemonSet.
- Simple PSAT with SPIRE 1.5.1 - This is a simple configuration using the Kubernetes projected service account token (PSAT) attestor that otherwise deploys SPIRE as in the Simple SAT example.
- Postgres with SPIRE 1.5.1 - This expands on the Simple SAT configuration by moving the SPIRE datastore into a Postgres StatefulSet. The SPIRE server is now a stateless Deployment that can be scaled.
- Kustomize with SPIRE 1.5.1 - A set of SPIRE examples using Kustomize as shown at the SPIFFE Community Day in May 2019.
Examples showing how to deploy SPIRE on Amazon EKS.
- EKS-based SAT with SPIRE 1.5.1 - This slightly modifies the Kubernetes Simple SAT configuration to make it compatible with EKS platform.
Examples showing how to start up SPIRE services using SystemD
- SystemD SPIRE services managed by SystemD
If you have any questions on the above examples, or anything else related to deploying or maintaining SPIRE, please feel free to either open an issue or ask in #help on our Slack.