Skip to main content

Add a Kubernetes Cluster

By default, spirlctl will use the currently-configured kubectl context to deploy the SPIRL Agents. Run the following command to bootstrap your cluster with SPIRL:

./spirlctl cluster add "cluster-1" --trust-domain "example.com" --platform k8s

Once complete, the above step will have done the following:

  1. Registered your Kubernetes cluster with SPIRL.
  2. Within your cluster, created a new namespace (spirl-system) to run the required SPIRL components.
  3. Deployed the following components:
    1. The SPIRL admission controller, which automatically exposes the SPIRL agent to your pods.
    2. The SPIRL/SPIFFE CSI Driver, which facilitates injection of the SPIFFE Workload API to your workloads.
    3. The SPIRL agent, which runs alongside your workloads to grant them SPIFFE SVIDs.

That’s it!! SPIRL is now running, and every pod you deploy from now on will have a SPIFFE Workload API socket automatically injected, with a X.509-SVID and JWT-SVID made available. To see it in action, continue following along (below) to deploy a SPIFFE demo app.

[Optional] Repeat the above command with a different cluster name and kubectl context to add more Kubernetes clusters to the [example.com](http://example.com) trust domain.