Though support for Windows is very new, we’ve collaborated with interested community members to design and verify the current feature set. We have work to do to provide this support, which may include collaborating with others in the ecosystem to develop and upstream requisite changes to libraries like gRPC. This is in part due to a lack of support for named pipe transports in the C/C++ gRPC library. While the go-spiffe library has been updated to support the use of named pipes with the Workload API, other language libraries have not.We are actively investigating alternative means to attest Windows workloads running in K8s. The K8s workload attestor plugin is not yet supported on Windows due to a difference in support for key K8s features that we rely on to attest K8s-based workloads. SPIRE FREE DOWNLOAD WINDOWS UPDATEWe will be working closely with the SPIFFE SIG Spec group to update the specification to standardize the way that SPIFFE implementers (like SPIRE) can use named pipes to serve and consume the Workload API. The SPIFFE Workload Endpoint standard does not yet support exposing the Workload API as a named pipe endpoint.We have a lot of work ahead in multiple dimensions: We know that we will need to work across several releases to provide a similar level of feature parity with what we have today on Linux platforms. As we pointed out, SPIRE has been growing in maturity and stability on Linux platforms over several years. Supporting SPIRE on an additional operating system is not a trivial task. Configuration differences are limited to areas where platform specific features are in use (e.g. With that in mind, running SPIRE on Windows feels very similar to running it on Linux. One guiding principle of the SPIRE project is to strive for ease-of-use and intuitive configuration. In addition, a new Windows-specific workload attestor has been added (similar to the existing Unix workload attestor) for providing Windows-specific attributes to Windows workloads. Existing plugins have been adapted to work under Windows, where applicable. The 1.3.0 release adds support for running both the SPIRE Server and Agent on Windows. We will be working hard to fill the gaps and stabilize Windows support over the next several SPIRE releases. We anticipate that as our operational experience with Windows evolves, changes that impact the user experience or functionality will need to be introduced. Windows support is being introduced incrementally as an experimental feature.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |