Architecture, Prerequisites, and Process

Architecture

Trust Domain Servers are deployed in a Kubernetes cluster via Helm chart. When integrating Defakto servers with Venafi Firefly, each Trust Domain Server pod will contain a Trust Domain Server and an additional Venafi Firefly container. The Firefly container is used to integrate the Trust Domain Server into your PKI infrastructure.

Venafi Firefly is exposed to the Trust Domain Server container through a Unix domain socket placed on a temporary volume that both containers mount, so the socket is reachable only from within that pod.
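
The two-container pod layout described above, as an added illustrative manifest rather than output of the Defakto Helm chart; the image references, the socket mount path and the volume name are placeholders, and the use of an `emptyDir` volume is an assumption about what "shared temporary volume" means here:

```yaml
# Illustrative Pod spec for the layout described above (not the Helm chart's own manifest).
# Image references, the mount path and the volume name are PLACEHOLDERS, not values from the chart.
apiVersion: v1
kind: Pod
metadata:
  name: trust-domain-server
spec:
  containers:
    - name: trust-domain-server
      image: PLACEHOLDER-REGISTRY/trust-domain-server:PLACEHOLDER-TAG
      volumeMounts:
        - name: firefly-socket
          mountPath: /run/firefly        # placeholder: directory where the Unix domain socket is expected
    - name: firefly
      image: PLACEHOLDER-REGISTRY/venafi-firefly:PLACEHOLDER-TAG
      volumeMounts:
        - name: firefly-socket
          mountPath: /run/firefly        # same placeholder path, so both containers see one socket file
  volumes:
    - name: firefly-socket
      emptyDir:                          # assumption: pod-scoped temporary volume, deleted with the pod
        medium: Memory                   # optional: keep the socket on tmpfs rather than node disk
```

Because the volume is scoped to the pod and no `hostPath` is involved, nothing outside these two containers can reach the Firefly socket; the verification steps in the procedure below confirm that the pair is actually communicating.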

Prerequisites

  1. Kubernetes cluster
  2. Venafi Firefly Account

High-level procedure overview

  1. Configure Venafi Firefly
  2. Create self-hosted SPIFFE Trust Domain with Defakto Control Plane
  3. Deploy Trust Domain Server via Helm chart
  4. Verify Trust Domain Server is connected to Defakto Control Plane
  5. Verify Venafi Firefly is connected to Venafi Control Plane
  6. Register your first cluster with Defakto self-hosted Trust Domain Server
  7. Configure and deploy Defakto SPIFFE Workload API Agents in your cluster
  8. Verify Defakto SPIFFE Workload API Agents are connected to Trust Domain Server