📄️ Process, Architecture, and Prerequisites
SPIRL Trust Domain Servers can be integrated with Venafi Firefly to issue workload identities with your existing PKI infrastructure.
📄️ Configure Firefly
This section describes how to configure Firefly to use SPIRL Trust Domain Servers. For more information about Firefly configuration, see Firefly Configuration Documentation.
📄️ Register SPIFFE Trust Domain
Using the SPIRL CLI spirlctl you can register a SPIFFE Trust Domain
📄️ Deploy SPIRL Trust Domain Servers
You'll use SPIRL Trust Domain Servers Helm chart to deploy SPIRL Trust
📄️ Verifying SPIRL Trust Domain Servers Connectivity
You can check the logs of the SPIRL Trust Domain Server Pods to verify that the SPIRL Trust Domain Servers are connected to the SPIRL Control Plane. The "Dialed signer relay successfully" message in the logs indicates that the SPIRL Trust Domain Server is successfully connected to the SPIRL Control Plane.
📄️ Verify Firefly Connectivity to Control Plane
You can check Firefly container logs to verify that Firefly is connected to the Venafi Control Plane and get intermediate certificates signed.
📄️ Register Cluster with SPIRL Trust Domain Server
In order for SPIRL Agents running in the cluster to be able to connect to the SPIRL Trust Domain Server, you need to register the cluster with the SPIRL Trust Domain Server. You can register the cluster with the SPIRL Trust Domain Server by running the following command:
📄️ Deploy SPIRL Agent to the Cluster
We'll deploy the SPIRL Agent to the cluster using the Helm chart. You'll need to provide the following values to the Helm chart:
📄️ Verify SPIFFE Workload API and SVID Issuance
Similar to the Quick start section, you can verify that the SPIRL Workload API is working by deploying a sample SPIFFE Demo Application: