linkerd / linkerd2

Ultralight, security-first service mesh for Kubernetes. Main repo for Linkerd 2.x.
https://linkerd.io
Apache License 2.0

SPIFFE/SPIRE support #7033

Open chris13524 opened 2 years ago

chris13524 commented 2 years ago

Feature Request

Support using SPIFFE for identity and use this to provide mTLS credentials to services.

Other service meshes such as Envoy, Istio and Consul support SPIFFE identities.

What problem are you trying to solve?

Unifying identity management between multiple systems; for example, Linkerd and NATS identities could be managed together, and for securing cross-cluster communications.

How should the problem be solved?

Installing Linkerd and SPIFFE to my cluster, Linkerd should get trust roots and/or certificates from SPIFFE/SPIRE directly so that I do not have to configure or provide keys to Linkerd at all.

Any alternatives you've considered?

Working around Linkerd's inability to natively utilize SPIFFE, not using SPIFFE, or using Envoy.

How would users interact with this feature?

Some modification to the default configuration of Linkerd so that it uses SPIFFE/SPIRE.

/ref https://github.com/linkerd/linkerd2/issues/768
/ref https://github.com/linkerd/linkerd2/issues/4667
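To make the request above concrete, here is an added example (not Linkerd, SPIRE, or the issue author's code) of the peer check a mesh proxy performs once identities are SPIFFE X.509-SVIDs: the trust bundle from SPIRE replaces any issuer certificate handed to Linkerd, and a peer is identified by its `spiffe://` URI SAN rather than by a key the operator configured. The PKI is constructed in memory for the demo; the trust domain `example.org`, the path `/ns/default/sa/web`, and the helper names are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// VerifySVID validates a DER-encoded leaf the way a proxy validates a peer's
// X.509-SVID: the chain must end in the trust bundle, the leaf must carry
// exactly one spiffe:// URI SAN, and that ID must be in the expected trust
// domain. On success it returns the peer's SPIFFE ID.
func VerifySVID(leafDER []byte, bundle *x509.CertPool, trustDomain string, now time.Time) (string, error) {
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return "", fmt.Errorf("parse leaf: %w", err)
	}
	// SVIDs are used on both sides of mTLS, so the peer must be valid for client auth.
	opts := x509.VerifyOptions{
		Roots:       bundle,
		CurrentTime: now,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if _, err := leaf.Verify(opts); err != nil {
		return "", fmt.Errorf("chain: %w", err)
	}
	id, err := spiffeIDFromCert(leaf)
	if err != nil {
		return "", err
	}
	if id.Host != trustDomain {
		return "", fmt.Errorf("peer is in trust domain %q, want %q", id.Host, trustDomain)
	}
	return id.String(), nil
}

// spiffeIDFromCert extracts the single SPIFFE ID from the URI SANs and rejects
// IDs with user info, query or fragment parts, which the SPIFFE ID format forbids.
func spiffeIDFromCert(cert *x509.Certificate) (*url.URL, error) {
	var ids []*url.URL
	for _, u := range cert.URIs {
		if u.Scheme == "spiffe" {
			ids = append(ids, u)
		}
	}
	if len(ids) != 1 {
		return nil, fmt.Errorf("expected exactly one spiffe:// URI SAN, found %d", len(ids))
	}
	id := ids[0]
	if id.Host == "" || id.User != nil || id.RawQuery != "" || id.Fragment != "" {
		return nil, fmt.Errorf("malformed SPIFFE ID %q", id.String())
	}
	return id, nil
}

// DemoPKI is a constructed, in-memory trust domain standing in for a SPIRE bundle.
type DemoPKI struct {
	Bundle      *x509.CertPool
	GoodLeaf    []byte // spiffe://example.org/ns/default/sa/web
	ForeignLeaf []byte // signed by the same root but claims another trust domain
	NoIDLeaf    []byte // valid chain, but no SPIFFE ID at all
}

// NewDemoPKI builds one root and three short-lived leaves (assumed test data only).
func NewDemoPKI(now time.Time) (*DemoPKI, error) {
	rootKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	rootTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "example.org trust domain root"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	rootDER, err := x509.CreateCertificate(rand.Reader, rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	root, err := x509.ParseCertificate(rootDER)
	if err != nil {
		return nil, err
	}
	bundle := x509.NewCertPool()
	bundle.AddCert(root)

	issue := func(serial int64, uris ...string) ([]byte, error) {
		key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return nil, err
		}
		tmpl := &x509.Certificate{
			SerialNumber: big.NewInt(serial),
			Subject:      pkix.Name{CommonName: "workload"},
			NotBefore:    now.Add(-time.Minute),
			NotAfter:     now.Add(time.Hour), // SVIDs are short-lived and rotated
			KeyUsage:     x509.KeyUsageDigitalSignature,
			ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		}
		for _, raw := range uris {
			u, err := url.Parse(raw)
			if err != nil {
				return nil, err
			}
			tmpl.URIs = append(tmpl.URIs, u)
		}
		return x509.CreateCertificate(rand.Reader, tmpl, root, &key.PublicKey, rootKey)
	}
	pki := &DemoPKI{Bundle: bundle}
	if pki.GoodLeaf, err = issue(2, "spiffe://example.org/ns/default/sa/web"); err != nil {
		return nil, err
	}
	if pki.ForeignLeaf, err = issue(3, "spiffe://other.test/ns/default/sa/web"); err != nil {
		return nil, err
	}
	if pki.NoIDLeaf, err = issue(4); err != nil {
		return nil, err
	}
	return pki, nil
}

func main() {
	now := time.Now()
	pki, err := NewDemoPKI(now)
	if err != nil {
		panic(err)
	}
	for _, c := range []struct {
		name string
		der  []byte
	}{{"good", pki.GoodLeaf}, {"foreign", pki.ForeignLeaf}, {"no-id", pki.NoIDLeaf}} {
		id, err := VerifySVID(c.der, pki.Bundle, "example.org", now)
		fmt.Printf("%-8s id=%q err=%v\n", c.name, id, err)
	}
}
```

In a real deployment the bundle and the workload's own SVID come from the SPIRE Workload API and are refreshed as they rotate; the check above is the standard-library core of what a SPIFFE-aware client library does, and it shows why a trust-domain comparison is needed even after chain validation succeeds.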

f-lira commented 1 year ago

Any news about the deadline of this feature?

olix0r commented 1 year ago

@f-lira No. This work is not currently prioritized.

elee commented 6 months ago

Seemingly this is implemented? https://linkerd.io/2024/02/21/announcing-linkerd-2.15/

wmorgan commented 3 months ago

@elee Sort of. Linkerd does indeed support SPIFFE for non-Kubernetes services. I believe there is still a case to be made for it supporting SPIFFE within the cluster.