{"title":"Authenticating Distributed Systems Using SPIRE over Kubernetes Cluster","authors":"Akarsh Goel, B. Thangaraju","doi":"10.1109/CONECCT55679.2022.9865835","DOIUrl":null,"url":null,"abstract":"Distributed systems like microservices, containerized applications and cloud computing are considered crown jewels for developing business driven applications. These systems provide scalability, resiliency, ease of accessibility and act like self-contained independent applications. As microservices grow, it becomes difficult to establish secure communication with them. Absence of secure communication could lead to security breaches like identity spoofing, identity repudiation, data in-confidentiality, broken data integrity and data un-availability. If a rogue microservice exists in the organization's environment, it could easily access critical microservices residing in the environment. SPIRE Project, an implementation of the Secure Production Identity Framework for Everyone (SPIFFE), is an open-source standard which could be leveraged to solve above-mentioned security challenges. This paper talks about various capabilities of the SPIFFE framework for secure bootstrapping and issuing unique cryptographic identities to distributed systems. We would showcase how distributed systems could mutually authenticate to prove their individual identities, before these systems could try and access critical data.","PeriodicalId":380005,"journal":{"name":"2022 IEEE International Conference on Electronics, Computing and Communication Technologies (CONECCT)","volume":"146 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-07-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE International Conference on Electronics, Computing and Communication Technologies (CONECCT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CONECCT55679.2022.9865835","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 1
Abstract
Distributed systems like microservices, containerized applications and cloud computing are considered crown jewels for developing business driven applications. These systems provide scalability, resiliency, ease of accessibility and act like self-contained independent applications. As microservices grow, it becomes difficult to establish secure communication with them. Absence of secure communication could lead to security breaches like identity spoofing, identity repudiation, data in-confidentiality, broken data integrity and data un-availability. If a rogue microservice exists in the organization's environment, it could easily access critical microservices residing in the environment. SPIRE Project, an implementation of the Secure Production Identity Framework for Everyone (SPIFFE), is an open-source standard which could be leveraged to solve above-mentioned security challenges. This paper talks about various capabilities of the SPIFFE framework for secure bootstrapping and issuing unique cryptographic identities to distributed systems. We would showcase how distributed systems could mutually authenticate to prove their individual identities, before these systems could try and access critical data.