Add spiffe-csi driver support to authentication part

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
tektoncd · Nov 1, 2022 · e3de95d · e3de95d
1 parent 9a47793
commit e3de95d
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/docs/authentication.md b/docs/authentication.md
@@ -161,3 +161,21 @@ to deployment `volumes` section:
         hostPath:
           path: /run/spire/sockets/agent.sock
 ```
+
+Last but not least, thanks to [spiffe-csi](https://github.com/spiffe/spiffe-csi), which is a a CSI (Container Storage Interface) driver for Kubernetes that facilitates injection of the SPIFFE Workload API , there is alternative way of retrieving the Agent socket to your Pods without having to mount the hostPath. You can read more about it [here](https://www.kusari.dev/blog/spiffee-csi/). Once you have installed `spiffe-csi-driver` into your cluster by following the [installation steps](https://github.com/spiffe/spiffe-csi/tree/main/example#steps) in the GitHub repository, the only thing that you have to do is add the following code snippet to deployment `volumes` and `volumeMounts` sections:
+
+
+```
+     ...
+        volumeMounts:
+          - name: spiffe-workload-api
+            mountPath: /spiffe-workload-api
+            readOnly: true
+     
+     ...
+      volumes:
+        - name: spiffe-workload-api
+          csi:
+            driver: "csi.spiffe.io"
+            readOnly: true
+```