The project aims to provide a management plane and capabilities for SPIFFE identities managed by SPIRE. The goals are to provide global visibility, auditability, and configuration and policy management for identities. This can be thought about as a central management plane for identities across SPIRE servers, with the aim for use by an administrator or CISO to govern an organization's workload identities.
- Tornjak Slack channel on CNCF SPIFFE
- Tornjak Blogs
- YouTube Tornjak channel
The following are guides on how to try out Tornjak:
A list of releases can be found at https://github.com/spiffe/tornjak/releases. These releases include source code for each stable version of Tornjak image tags. The tag tornjak-X.Y.Z
corresponds to official pre-built released image. For example, for tornjak-backend
, the pre-built image corresponding to the code at release tornjak-X.Y.Z
is tornjak-backend:vX.Y.Z
.
Here are a few additional resources:
In case of deployment or configuration troubles, check out our hints documenation
The architecture consists of 2 main components, the agent and the manager.
- The manager provides a management control plane for SPIRE servers, and a central point of data collection. It interacts with the agents, SPIRE servers, and corresponding components to achieve this.
- The agent provides a way for the management plane to communicate with the SPIRE servers and provide introspection and configuration of identities.
For more details of the components and execution plan, please refer to these documents
To request features or report bugs, please use Github Issues. To get started on development, please see CONTRIBUTING