Private Preview

This feature is in private preview and is not publicly available.

Downtime Protection

The SPIRL System supports an optional component -- the SPIRL Reflector -- to mitigate the effect of temporary network outages. This guide contains detailed information to help you set up Downtime Protection by installing the SPIRL Reflector as part of your SPIRL System deployment.

Overview

The SPIRL Reflector is an optional resiliency component that enhances the SPIRL workload identity platform by reducing dependency on the Trust Domain Server (TDS) for existing workload scaling operations. The Reflector operates as an intelligent caching proxy that sits between SPIRL Agents and the TDS, enabling continued credential issuance for existing workloads even when the TDS becomes unavailable.

The Reflector enhances this architecture by intercepting credential requests from Agents and either forwarding them to the TDS (normal path) or serving cached credentials when the TDS is unreachable (resilient path).

This design maintains a robust security model while providing steady-state resiliency, allowing existing workloads to scale out even during TDS outages, though new workload clusters still require TDS connectivity for initial credential bootstrapping.

See the pages below for more information about installing or using the Reflector.