This video series will guide you through establishing secure cross-cluster mTLS connectivity between workloads across multiple clusters using SPIRE. We will start with a blank slate, and make as few assumptions as we can along the way.
In this final video of the series, we’ll exchange trust bundles between two SPIRE servers to enable cross-cluster mTLS connectivity between workloads that reside in different clusters.
We are almost there! Once we configure the client to use SPIRE mTLS, the client and the server can talk securely within a single cluster. In the following video, we’ll move the client to a different cluster and federate the SPIRE servers to establish cross-cluster mTLS too.
Now that we have SPIRE, our server application can use it to establish mTLS connectivity.
For SPIRE to be able to attest workloads and distribute SVIDs to them, we’ll have to register the nodes and the workloads with SPIRE. That’s what this section is all about.
To establish an identity control plane, we’ll need SPIRE. This section will deploy SPIRE to the clusters.
We’ll continue by creating container images and deploying the client app to the cluster too, then observe how the client and server communicate with each other within the pods.
This section will bundle the server application, create an image out of it, create deployment manifests, and deploy it into the cluster.
This section will create the client app and establish connectivity between the client and the server. The connectivity is insecure: There is no mTLS security yet—we’ll come to that later.
We’ll start by creating a server application. Once the server is ready, we’ll continue with the client application in the next video.