Chaos and Order

Chaos and Order https://www.youngju.dev/blog 천천히 올바르게. AI Researcher & DevOps Engineer Youngju's tech blog. GPU/CUDA, LLM, MLOps, Kubernetes AI workloads, distributed training, and data engineering. ko fjvbn2003@gmail.com (Youngju Kim) fjvbn2003@gmail.com (Youngju Kim) Fri, 12 Jun 2026 00:00:00 GMT https://www.youngju.dev/blog/devops/2026-06-12-spiffe-spire-workload-identity-mtls.en SPIFFE/SPIRE Workload Identity — Service-to-Service Authentication Without Secrets https://www.youngju.dev/blog/devops/2026-06-12-spiffe-spire-workload-identity-mtls.en SPIFFE/SPIRE is the answer to secret sprawl in the age of non-human identity. We cover SPIFFE IDs and SVIDs, the SPIRE server/agent architecture and attestation, hands-on Kubernetes deployment YAML, and automatic mTLS via Envoy SDS integration. We also examine Istio SPIFFE compatibility, federation across trust domains, comparisons with Vault and cert-manager, the bridge to user identity via transaction tokens, the extension to AI agent identity, and the operational challenges of adoption. Fri, 12 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) spiffespiremtlsworkload-identitykuberneteszero-trustsecurity https://www.youngju.dev/blog/devops/2026-06-12-spiffe-spire-workload-identity-mtls.ja SPIFFE/SPIREワークロードアイデンティティ — シークレットなしのサービス間認証 https://www.youngju.dev/blog/devops/2026-06-12-spiffe-spire-workload-identity-mtls.ja シークレットスプロールとnon-human identity時代の解法であるSPIFFE/SPIREを扱います。SPIFFE IDとSVIDの概念、SPIREのserver/agentアーキテクチャとattestation、Kubernetesデプロイ用YAML、Envoy SDS統合による自動mTLS構成まで実践中心に整理し、Istioとの互換性、信頼ドメイン間のfederation、Vaultやcert-managerとの比較、transaction tokensとAIエージェントidentityへの拡張、導入時の運用課題まで見ていきます。 Fri, 12 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) spiffespiremtlsworkload-identitykuberneteszero-trustsecurity https://www.youngju.dev/blog/devops/2026-06-12-spiffe-spire-workload-identity-mtls SPIFFE/SPIRE 워크로드 아이덴티티 — 시크릿 없는 서비스 간 인증 https://www.youngju.dev/blog/devops/2026-06-12-spiffe-spire-workload-identity-mtls 시크릿 스프롤과 non-human identity 시대의 해법인 SPIFFE/SPIRE를 다룹니다. SPIFFE ID와 SVID 개념, SPIRE의 server/agent 아키텍처와 attestation, 쿠버네티스 배포 YAML, Envoy SDS 통합으로 자동 mTLS 구성까지 실전 중심으로 정리하고, Istio와의 호환성, 신뢰 도메인 간 federation, Vault 및 cert-manager와의 비교, transaction tokens와 AI agent identity로의 확장과 운영 과제까지 살펴봅니다. Fri, 12 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) spiffespiremtlsworkload-identitykuberneteszero-trustsecurity