Waiting for input...
Star SPIKE on GitHub

SPIKE Quickstart Guide

The fastest way to get started with SPIRE and SPIKE is to deploy them using the official SPIFFE Helm chart.

You can deploy SPIKE to any Kubernetes cluster, including a local one like KinD or Minikube. We will use Minikube in this guide. Your installation may vary slightly depending on the Kubernetes cluster you are using, but the general steps will be the same.

We will also use a Debian Linux machine throughout this guide, but you can use any OS that supports SPIFFE, SPIRE, Docker, and Kubernetes. Depending on your OS, your installation steps may vary slightly, but the general steps will not change much.

Prerequisites

Here is a list of things you need to have installed on your machine before starting with this guide:

  • Have Docker installed and running on your machine.
  • Have a kubectl client installed.
  • Have make installed on your machine.
  • Have a minikube binary installed.
  • Have helm binary installed.

Starting Minikube

To start a local Minikube cluster, clone the project repository and run the following command in the root directory of the project:

cd $WORKSPACE # Replace with your workspace directory
git clone https://github.com/spiffe/spike.git
cd spike
make docker-cleanup # (Optional) Purge docker registry.
make k8s-delete     # Delete any former Minikube installation.
make k8s-start      # This will start a Minikube cluster.

If successful, you will have a local Minikube cluster running with the necessary plugins enabled. You can verify that Minikube is running by executing:

minikube status
# or...
kubectl get node

# Sample Outputs:
#
# $ minikube status
# minikube
# type: Control Plane
# host: Running
# kubelet: Running
# apiserver: Running
# kubeconfig: Configured
#
# $ kubectl get node
# NAME       STATUS   ROLES           AGE   VERSION
# minikube   Ready    control-plane   67s   v1.33.1

Deploying SPIKE to Minikube

Once you have Minikube running, you can deploy SPIKE to it from SPIFFE helm charts.

First create a values.yaml file to enable SPIKE components:

spike-keeper:
  enabled: true
spike-nexus:
  enabled: true
spike-pilot:
  enabled: true

Then deploy SPIKE using the following command:

helm upgrade --install spire-crds spire-crds \
  --repo https://spiffe.github.io/helm-charts-hardened/
  
helm upgrade --install spiffe spire \
  --repo https://spiffe.github.io/helm-charts-hardened \
  -f ./values.yaml # The values.yaml file we created earlier

Verifying SPIKE Deployment

First, make sure that your components are up and running.

kubectl get po 
# Sample Output:
#
# NAME                                      READY  STATUS 
# spiffe-agent-j6448                        1/1    Running
# spiffe-server-0                           2/2    Running
# spiffe-spiffe-csi-driver-ngqnk            2/2    Running
# spiffe-spiffe-oidc-discovery-provider-78  2/2    Running
# spiffe-spike-keeper-0                     1/1    Running
# spiffe-spike-keeper-1                     1/1    Running
# spiffe-spike-keeper-2                     1/1    Running
# spiffe-spike-nexus-0                      1/1    Running
# spiffe-spike-pilot-6997997fcb-nlqk8       1/1    Running

Once the deployment is complete, you can verify SPIKE is running by creating a sample secret and reading its value back.

kubectl exec -it deploy/spiffe-spike-pilot -- sh
# Shell into the container and run the following commands:
spike secret list
# Output:
# No Secrets found.
spike secret put test/creds username=spike password=SPIKERocks
# Output:
# OK
spike secret list
# Output:
# - test/creds
spike secret get test/creds
# Output:
# password: SPIKERocks
# username: spike

Next Up

You are all set. You have successfully deployed SPIKE to your local Minikube cluster. Explore other parts of the documentation to learn more about using SPIKE.

Here are a few links to get you started: