Add a Kubernetes Cluster
Before you begin
This step requires:
- A Kubernetes cluster with cluster admin permissions
- kubectl configured to access your cluster
If you don't have a Kubernetes cluster, you can create a local cluster using kind:
kind create cluster --name "cluster-1"
Bootstrap the cluster
By default, spirlctl will use the currently-configured kubectl
context to deploy the Defakto agent software (Defakto Agent). Run the
following command to bootstrap your cluster with Defakto:
./spirlctl cluster add "cluster-1" --trust-domain "example.com" --platform k8s
Once complete, the above step will have done the following:
- Registered your Kubernetes cluster with Defakto.
- Within your cluster, created a new namespace (spirl-system) to run the required Defakto components.
- Deployed the following Defakto components:
  - The admission controller, which automatically exposes the Defakto agent to your pods.
  - The CSI Driver, which facilitates injection of the SPIFFE Workload API to your workloads.
  - The Agent, which runs alongside your workloads to grant them SPIFFE SVIDs.
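To confirm the result, the following check prints the kubectl context that was used and verifies that every pod in spirl-system is ready. It is an added example, not part of the Defakto tooling; the function names are hypothetical, and it assumes the default column layout of `kubectl get pods --no-headers`.

```sh
#!/bin/sh
# Added example: post-bootstrap check for the spirl-system namespace.
# Function names are hypothetical; only standard kubectl subcommands are used.

# Reads `kubectl get pods --no-headers` output on stdin (NAME READY STATUS ...)
# and prints "NAME READY STATUS" for each pod that is not fully ready.
# Pods in status Completed (finished jobs) are skipped.
not_ready_pods() {
  awk '$3 == "Completed" { next }
       { split($2, r, "/")
         if ($3 != "Running" || r[1] != r[2]) print $1 " " $2 " " $3 }'
}

# Checks the cluster that the current kubectl context points at.
verify_bootstrap() {
  ns="spirl-system"
  # The bootstrap used the current context, so show which cluster that is.
  echo "kubectl context: $(kubectl config current-context)"
  kubectl get namespace "$ns" >/dev/null || {
    echo "namespace $ns not found" >&2; return 1; }
  pods=$(kubectl get pods -n "$ns" --no-headers)
  [ -n "$pods" ] || { echo "no pods found in $ns" >&2; return 1; }
  bad=$(printf '%s\n' "$pods" | not_ready_pods)
  if [ -n "$bad" ]; then
    echo "pods not ready in $ns:" >&2
    echo "$bad" >&2
    return 1
  fi
  echo "all pods in $ns are ready"
}

# Run the live check only when asked: sh verify.sh --run
if [ "${1:-}" = "--run" ]; then
  verify_bootstrap
fi
```

Save the block as a script (the example invocation uses the name verify.sh) and run it with `--run` while the same kubectl context used for the bootstrap is still selected.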
That’s it! Defakto is now running, and every pod you deploy from now on will have a SPIFFE Workload API socket automatically injected, with an X.509-SVID and JWT-SVID made available. To see it in action, continue following along (below) to deploy a SPIFFE demo app.
Optional: Repeat the above command with a different cluster name and kubectl context to add more Kubernetes clusters to the example.com trust domain.