The new release features various enhancements to help deploy and operate SPIRE at scale
We are excited to share that SPIRE 0.8.2 has been released with contributions from engineers from several organizations including Uber, Scytale, Z Lab (Yahoo Japan), and HashiCorp. The SPIFFE and SPIRE projects allow security and operations teams to standardize and scale service to service authentication across hybrid infrastructure. This release contains performance and usability features that were requested by organizations that are beginning to deploy and operate SPIRE at scale.
Key features include:
Improved Datastore Performance
- Configuration for Connection Pools in SQL DataStore plugin: can help operators optimize datastore performance by setting thresholds for metrics such as the number of idle connections and the amount of time a connection may be reused.
- SQL DataStore Plugin now emits metrics: such as elapsed time of each operation, to help engineers better track and troubleshoot performance issues.
- Query enhancements: to speed up scale related hot paths.
Simplified Administration and Configuration
- Agentless SVID “minting”: allows SVIDs to be created directly against SPIRE server for certain administrative, one-time scenarios that don’t require credential rotation.
- Kubernetes PSAT node attester now emits node and pod label selectors: to make it easy for administrators to form node sets.
- Kubernetes workload registration based on annotations: Now operators can use the annotation of a Kubernetes Pod to register a workload with the Kubernetes workload registrar.
Want to learn more? To dive in, you can: