This repository has been archived by the owner on Feb 6, 2022. It is now read-only.

Service-service auth across K8s cluster #41

Open
jasminejaksic-zz opened this issue Mar 13, 2017 · 3 comments

@jasminejaksic-zz

This is a tracking issue to enable service-to-service authorization at the cluster level.

@jasminejaksic-zz jasminejaksic-zz added this to the Auth Beta milestone Mar 13, 2017
@lookuptable lookuptable assigned lookuptable and myidpt and unassigned myidpt Mar 13, 2017
@wattli wattli self-assigned this Mar 17, 2017
@mwitkow

mwitkow commented May 25, 2017

Hi guys,

Congrats on the project guys. Istio auth looks like something incredibly relevant to what we're doing: building trust between microservices using TLS certs. In our approach we're using Vault as an issuer of short-lived certs for auth within and across our Kubernetes clusters.

I was wondering whether the auth across k8s that you're planning will require federation of Kubernetes clusters or whether it can be done through pure trust of the CA cert chain that the auth manager is using to issue stuff?

@wattli
Contributor

wattli commented May 25, 2017

@mwitkow, thanks for your interest. Auth across k8s is a difficult problem. Essentially we need to figure out a way to build up a trust chain between cluster CAs to make clusters be able to talk to each other.

@ajessup
Contributor

ajessup commented May 26, 2017

@mwitkow FYI federated auth for Istio (independent of cluster federation) and the necessary bootstrapping of trust is a goal of the SPIFFE project (see https://spiffe.io/) that several folks on the istio/auth team are contributing to. Feel free to reach out to andrew AT scytale.io if you want to learn more.
