Joe Beda
Principal Engineer at . Was founder and CTO . Started GCE, , GKE, . Xoogler. He/Him.
24,393 Tweets, 1,123 Following, 36,266 Followers
Joe Beda 2h
Replying to @hoekema
That is what we are doing with SPIFFE. Let me know if you want intros to the folks working on it.
Joe Beda 10h
Sounds good -- reach out to jbeda at vmware and we can start getting you talking to the right folks.
Joe Beda 10h
Let me know how you want to get involved! We'd love to get you looking at SPIFFE and how we can use it more widely.
Joe Beda 10h
Creating certs for k8s service names is another complicated thing. There are a set of options here with different levels of complexity and opacity from consuming party (i.e. does the client see/use the SA name of the backend pod?)
Joe Beda 10h
Wrt k8s -- there is no one single way to map SVIDs to entities in k8s. Using SAs is a good start and probably sane. We could come up with recommended ways (and tools) to do that mapping.
Joe Beda 10h
Exactly! This is the entire premise behind SPIFFE. It can span any single mesh, federate identity control planes and create connectivity to stuff off cluster (mainframes, VMs, etc.)
Joe Beda 11h
Hi Idit! Hit me up and I'll connect you to the right folks that are thinking about this at VMware. jbeda at vmware.
Joe Beda 12h
That is where spiffe comes in.
Joe Beda 14h
Replying to @LachlanEvenson
That's the thinking!
Joe Beda 14h
Replying to @gabrtv @daprdev
Hit me up (jbeda at vmware) and I can intro you to folks. (Offer also goes out to others that may see this)
Joe Beda 14h
Replying to @wm @Linkerd
Hit me up (jbeda at vmware) and I can intro you to folks. (Offer also goes out to others that may see this)
Joe Beda 14h
Replying to @PradeepsCorner
Pretty sure it does ;)
Joe Beda 14h
Replying to @gabrtv @daprdev
I'd love to get us all talking SPIFFE and some evolved version of Hamlet. Is that something y'all are tracking? I think that Dapr could speak/gateway those directly and have much higher fidelity. Also applies to spring and other more "managed" systems.
Joe Beda 14h
Replying to @LachlanEvenson
But Dapr has its own idea of service that sits above and different from what you get in a service mesh. This is something I hit on when I did the Dapr TGIK. We see similar things with spring running on a service mesh. Some features are implemented at both layers.
Joe Beda 14h
Replying to @wm @Linkerd
For my part I think it'll be a combo of SPIFFE along with an evolution of what we've started with Hamlet. Is that something you've been tracking?
Joe Beda 15h
Replying to @jbeda
These days I'm interested in really thinking about how service meshes (and things that are service mesh-like) can talk to each other securely and with high fidelity. We have ideas and some progress here and would love to get the right folks talking.
Joe Beda 15h
Looking at OSM -- super interesting. Wondering how it interacts with something like . Specifically both OSM and dapr support mTLS. Is there interoperability there? Plans for it? ( others?)
Joe Beda 20h
It was actually that came up with the name "Kubernetes". Honestly we were desperate to find a name that would pass the Google trademark lawyers.
Joe Beda 20h
Replying to @dabockster
I do like the USB-C ecosystem. ¯\_(ツ)_/¯ Apple didn't create it but they did boost it.
Joe Beda 22h
Replying to @VT_UK
My understanding is that the more correct Greek pronunciation is "kai-ber-neet-ees". I always feel bad when I pronounce it our butchered way to native Greek speakers.