CloudNativeSecurityCon North America 2024

The SPIFFE ecosystem is starting to grow as more projects implement the standard to verify workload identities. In this presentation we will show two of the most recent projects to adopt SPIFFE working together, to show what can be accomplished when projects work with a common standard. Linkerd, a Kubernetes-native service mesh, recently launched a feature for using SPIFFE SVIDs to verify workload identities outside of the mesh and cluster. Teleport provides access control for infrastructure, and has recently adopted SPIFFE to provide workload identity for applications by making SVIDs available over the Workload API. We’ll show a practical example of how to use these projects together to secure a Kubernetes cluster and workloads running outside of the cluster. We will also discuss why the two projects chose to implement SPIFFE, and the benefits of building to this new standard.