From e3de95d986f3ef15aa81d77b07cd32dc4084ebdf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Batuhan=20Apayd=C4=B1n?= <batuhan.apaydin@trendyol.com>
Date: Tue, 1 Nov 2022 15:08:52 +0300
Subject: [PATCH] Add spiffe-csi driver support to authentication part
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
---
 docs/authentication.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/docs/authentication.md b/docs/authentication.md
index 6a88b9cbf1..069bf2b631 100644
--- a/docs/authentication.md
+++ b/docs/authentication.md
@@ -161,3 +161,21 @@ to deployment `volumes` section:
         hostPath:
           path: /run/spire/sockets/agent.sock
 ```
+
+Last but not least, thanks to [spiffe-csi](https://github.com/spiffe/spiffe-csi), which is a a CSI (Container Storage Interface) driver for Kubernetes that facilitates injection of the SPIFFE Workload API , there is alternative way of retrieving the Agent socket to your Pods without having to mount the hostPath. You can read more about it [here](https://www.kusari.dev/blog/spiffee-csi/). Once you have installed `spiffe-csi-driver` into your cluster by following the [installation steps](https://github.com/spiffe/spiffe-csi/tree/main/example#steps) in the GitHub repository, the only thing that you have to do is add the following code snippet to deployment `volumes` and `volumeMounts` sections:
+
+
+```
+     ...
+        volumeMounts:
+          - name: spiffe-workload-api
+            mountPath: /spiffe-workload-api
+            readOnly: true
+     
+     ...
+      volumes:
+        - name: spiffe-workload-api
+          csi:
+            driver: "csi.spiffe.io"
+            readOnly: true
+```
\ No newline at end of file
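Review bot: The added paragraph says adding the snippet is "the only thing that you have to do", but the snippet mounts the volume at `/spiffe-workload-api` while the hostPath example directly above it uses `/run/spire/sockets/agent.sock`. The text should state whether the `csi` volume replaces the hostPath volume and which socket path the workload has to be pointed at once the mount point changes; otherwise a reader who follows it literally ends up with both volumes or with a stale socket path. Smaller points in the same paragraph: "which is a a CSI" has a doubled article, "Workload API ," has a stray space before the comma, "there is alternative way" needs "an", and the link text "here" would be better as a descriptive title. In the snippet, the fence would benefit from a `yaml` language tag, the `+     ` line between the two `...` markers carries trailing whitespace, there are two consecutive blank lines before the fence, and the file now ends without a trailing newline.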