This repository contains infrastructure for development and demos, as well as automated demos for each SPIRE release.
simple_verification - SVID Verification with Ghostunnel
This demo shows a Ghostunnel connection validating SPIFFE certificates.
rosemary - UNIX Attestation and Ghostunnel Verification
Demonstrates two workloads communicating over mutually authenticated Ghostunnel using SVIDs generated through UNIX attestation by UID.
beatrice - Kubernetes Attestation and Ghostunnel verification
Demonstrates two workloads communicating over mutually authenticated Ghostunnel endpoints using SVIDs automatically provisioned to an attested Kubernetes Pod.
cadfael - AWS Attestation and Envoy Verification
Demonstrates two workloads communicating via mutually authenticated Envoys using SVIDs generated through AWS instance attestation.
drew - Server and Agent Scale and Performance
Demonstrates 100 workloads on 100 servers managed by one spire-server.
dupin - nginx with SPIFFE support
Demonstrates the use of the SPIFFE Workload API to automatically get X.509 certificates natively in nginx, with no helper. Connections are accepted or rejected based on allowed SPIFFE IDs.
java-spiffe - java with SPIFFE support
Demonstrates the use of the SPIFFE Workload API to dynamically update the X.509 certificates of a custom KeyStore in a Java Security Provider. Connections are established using mTLS validating SPIFFE IDs.
java-keystore-tomcat - Tomcat using a SPIFFE-based KeyStore
Demonstrates two Tomcats using a SPIFFE-based KeyStore and TrustStore that handle SVID certificates obtained from the Workload API. Connections are established using mTLS validating SPIFFE IDs.
vagrant_k8s - Local Kubernetes with Vagrant
Creates a Kubernetes master and >=1 node in separate Vagrant VMs.
vagrant_db - Local MariaDB "bare metal" with Vagrant
ec2 - AWS EC2 with Terraform
Provisions a VPC with three EC2 instances with proper IAM instance roles for the aws-resolver plugin.