spiffe support #1570

Open
olix0r opened this issue Aug 8, 2017 · 4 comments

@olix0r
Member

olix0r commented Aug 8, 2017

Now that Linkerd supports client certs, it should be pretty straightforward to instrument SPIFFE support.

@rmichela
Contributor

rmichela commented Aug 8, 2017

The SPIFFE SVID client certificate specification can be found at https://github.com/spiffe/svid/blob/master/SPECIFICATION.md

@rmichela
Contributor

rmichela commented Aug 8, 2017

In addition to validating SVID client certs, it would be great if Linkerd could populate the x-forwarded-client-cert header when proxying an incoming request to the supporting service. x-forwarded-client-cert would allow services to make detailed authorization decisions using the SPIFFE ID from the client certificate.

https://lyft.github.io/envoy/docs/configuration/http_conn_man/headers.html#x-forwarded-client-cert
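
An added example, not part of this thread and not Linkerd or Envoy code: how a backing service could parse `x-forwarded-client-cert` and authorize on the SPIFFE ID. It assumes the Envoy header format linked above (comma-separated elements, one per proxy hop, with the nearest proxy's element appended last); the function names, the `example.org` trust domain and the sample header are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: two hops; the quoted Subject contains a comma.
SAMPLE = ('By=spiffe://example.org/edge;URI=spiffe://example.org/admin,'
          'By=spiffe://example.org/proxy;Hash=0123abcd;'
          'Subject="CN=web,O=Example";URI=spiffe://example.org/web')

def split_unquoted(text, sep):
    """Split text on sep, ignoring separators inside double-quoted values."""
    return re.findall(r'(?:[^%s"]|"(?:\\.|[^"\\])*")+' % re.escape(sep), text)

def parse_xfcc(header):
    """Return one {key: [values]} dict per element (one element per proxy hop)."""
    elements = []
    for raw in split_unquoted(header, ","):
        fields = {}
        for pair in split_unquoted(raw, ";"):
            key, eq, value = pair.strip().partition("=")
            if not eq:
                continue
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = re.sub(r'\\(.)', r'\1', value[1:-1])  # unescape \" and \\
            fields.setdefault(key.lower(), []).append(value)
        elements.append(fields)
    return elements

def caller_spiffe_id(header, trust_domain):
    """SPIFFE ID asserted by the nearest proxy (last element), or None."""
    elements = parse_xfcc(header)
    uris = elements[-1].get("uri", []) if elements else []
    if len(uris) != 1:  # an X.509 SVID carries exactly one URI SAN
        return None
    try:
        u = urlsplit(uris[0])
    except ValueError:  # malformed authority: fail closed
        return None
    if u.scheme != "spiffe" or u.netloc != trust_domain or u.path in ("", "/"):
        return None
    return None if (u.query or u.fragment) else uris[0]

def authorize(header, trust_domain, allowed_ids):
    """Allow only callers whose validated SPIFFE ID is on the allow-list.

    Assumes the proxy strips any client-supplied copy of the header.
    """
    spiffe_id = caller_spiffe_id(header, trust_domain)
    return spiffe_id is not None and spiffe_id in allowed_ids
```

The header is only as trustworthy as the hop that wrote it, so the service should accept it solely on connections from the proxy.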

@nathanawmk

Is SPIFFE and/or SVID now integrated into Linkerd?

@cpretzer
Contributor

There's no native integration for Linkerd 1 or Linkerd 2. Linkerd 1 has a plug-in system that would enable you to write code to integrate with SPIFFE/SVID.
