You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Feb 6, 2022. It is now read-only.
Congrats on the project guys. Istio auth looks like something incredibly relevant to what we're doing: building trust between microservices using TLS certs. In our approach we're using Vault as an issuer of short-lived certs for auth within and across our kubernetes clusters.
I was wondering whether the auth across k8s that you're planning will require federation of kubernetes clusters or whether it can be done through pure trust of the CA cert chained that the auth manager is using to issue stuff?
@mwitkow , thanks for your interest. Auth across k8s is a difficult problem. Essentially we need to figure out a way to build up trust train between cluster CAs to make clusters be able to talk to each other.
@mwitkow FYI federated auth for Istio (independent of cluster federation) and the necessary bootstrapping of trust is a goal of the SPIFFE project (see https://spiffe.io/) that several folks on the istio/auth team are contributing to. Feel free to reach out to andrew AT scytale.io if you want to learn more.
This is a tracking issue to enable service to service authorization at cluster level
The text was updated successfully, but these errors were encountered: