
Architecture, Prerequisites, and Process

Architecture

SPIRL Trust Domain servers are deployed in a Kubernetes cluster via Helm chart. When integrating SPIRL servers with Venafi Firefly, each Trust Domain server pod contains two containers: the Trust Domain server itself and a Venafi Firefly sidecar. The Firefly container is what ties the Trust Domain server into your existing PKI infrastructure.

Venafi Firefly is exposed to the Trust Domain server container over a Unix domain socket on a shared temporary volume (a Kubernetes emptyDir), so the connection between the two containers stays inside the pod and is never reachable from the network or from other pods.
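The pod layout described above, as an added illustrative manifest. This is not the SPIRL Helm chart: the image references, the mount path /run/firefly, the socket file name, the environment variable name and the UID/GID values are assumptions chosen for the example; the part that matters is the shape (two containers, one pod-scoped emptyDir, socket shared through it).

```yaml
# Added example, not the SPIRL chart. Image names, mount path, socket name,
# env var name and UID/GID are assumptions.
apiVersion: v1
kind: Pod
metadata:
  name: spirl-trust-domain-server
  labels:
    app: spirl-trust-domain-server
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 1000      # assumed; both containers run as the same UID/GID so
    runAsGroup: 1000     # the server can connect to the socket Firefly creates
    fsGroup: 1000
  volumes:
    # The socket lives on a pod-scoped temporary volume: it exists only while
    # the pod runs, is not a hostPath (so no other pod on the node can reach
    # it), and medium: Memory keeps it off the node's disk entirely.
    - name: firefly-socket
      emptyDir:
        medium: Memory
  containers:
    - name: trust-domain-server
      image: registry.example/spirl/trust-domain-server:latest   # assumed
      env:
        - name: FIREFLY_SOCKET_PATH                              # assumed name
          value: unix:///run/firefly/firefly.sock
      volumeMounts:
        - name: firefly-socket
          mountPath: /run/firefly     # read-write: connecting to a UDS needs write access
    - name: firefly
      image: registry.example/venafi/firefly:latest              # assumed
      # Firefly is configured (by whatever means its image supports; not shown)
      # to listen on /run/firefly/firefly.sock rather than on a TCP port.
      volumeMounts:
        - name: firefly-socket
          mountPath: /run/firefly
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
```

Two practitioner checks follow from this shape. First, after the pod is up, confirm the socket is actually present from the server container's point of view, for example with `kubectl exec <pod> -c trust-domain-server -- test -S /run/firefly/firefly.sock`; if that fails the two containers are not sharing the volume or Firefly is not listening where the server expects. Second, if anyone proposes switching the volume to a hostPath "for debugging", refuse: that would expose the PKI-issuing socket to every pod and process on the node, which is exactly the exposure the in-pod emptyDir design avoids.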

Prerequisites

  1. A Kubernetes cluster
  2. A Venafi Firefly account

High-level procedure overview

  1. Configure Venafi Firefly
  2. Create a self-hosted SPIFFE Trust Domain in the SPIRL Control Plane
  3. Deploy the SPIRL Trust Domain Server via Helm chart
  4. Verify the SPIRL Trust Domain Server is connected to the SPIRL Control Plane
  5. Verify Venafi Firefly is connected to the Venafi Control Plane
  6. Register your first cluster with the self-hosted SPIRL Trust Domain Server
  7. Configure and deploy SPIRL SPIFFE Workload API Agents in your cluster
  8. Verify the SPIRL SPIFFE Workload API Agents are connected to the SPIRL Trust Domain Server