[Re-Cap] SPIFFE Community Day: Spring 2019

Over the past few months, we’ve watched the SPIFFE and SPIRE projects grow in popularity and maturity as more and more organizations look at these projects to deliver service identity for cloud- and container-deployed services. The SPIFFE slack channel has gained over 100 new members since the last community day in November. By many measures from the number of public forks to contributors, the project has roughly doubled in the last 12 months.

Last Friday Pinterest and Scytale hosted the May 2019 SPIFFE Community Day. In addition to project updates, this event featured fantastic demos and case studies from Uber, Square, Tigera, and Scytale. Here’s a recording of the event:

Key sessions are listed below:

Latest Project Updates(SPIFFE + SPIRE)

End User Talks:

• SPIRE @ Square: Matthew McPherrin talked about how Square is using SPIFFE and SPIRE to ensure secure communications across hybrid infrastructure services.
• SPIRE Scheduler Integration @Uber: Tyler Dixon talked about his work integrating SPIRE with workload schedulers and lessons learned along the way.

Demos:

• Scott Emmons (Scytale) gives a detailed look at the new security model for SPIRE on Kubernetes.
• Transparent Service Authentication and Authorization With Calico, Envoy and SPIRE This demo from Spike Curtis (Tigera) shows how Calico, Envoy and SPIRE can be used to deliver unified Layer 4 and Layer 7 authorization policies.
• Securely extending the Istio Service Mesh into new environments with SPIRE This demo from Eugene Weiss and Max Lambrecht (Scytale) shows how services running outside of a Kubernetes cluster can securely authenticate to those running in an Istio service mesh on-cluster using SPIRE.

Slides from the event are below:

Join us on Slack to share ideas, ask questions, and learn from those using SPIFFE and SPIRE to implement zero-trust security.