Identity Provider implementation #723

@kevinpollet

Feature Request

Proposal

In order to implement end-to-end encryption between nodes, Maesh should implement an Identity Provider. This IdP will be responsible for issuing trusted certificates for proxies to allow mTLS communications. The IdP should at least:

  • Issue trusted certificates compliant with the SPIFFE spec.
  • Provide a Trust Bundle needed to secure communications.
  • Attest mesh proxies to only issue certificates for trusted proxies.

To negotiate a certificate, a proxy should also have a sidecar which will implement the negotiation and the renewal routine needed for mTLS communications between nodes.

Those features will be provided as separate commands which will be used by Helm resources.
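
An added example, not part of the original issue and not Maesh code: what a proxy-side check of a peer certificate against the Trust Bundle could look like, covering chain of trust plus the X.509-SVID leaf rules on the CA flag and the single `spiffe://` URI SAN. The helper names `issue` and `verifySVID`, the trust domain `mesh.example` and the test CA are assumptions constructed for the example.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// issue makes a constructed test cert (errors ignored, inputs are fixed); nil parent = self-signed CA.
func issue(parent *x509.Certificate, pk ed25519.PrivateKey, ids ...string) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	for _, id := range ids {
		u, _ := url.Parse(id)
		tpl.URIs = append(tpl.URIs, u) // SPIFFE IDs are carried as URI SANs
	}
	if parent == nil {
		tpl.IsCA, tpl.KeyUsage, tpl.Subject = true, x509.KeyUsageCertSign, pkix.Name{CommonName: "constructed CA"}
		parent, pk = tpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, pub, pk)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// verifySVID checks the chain to the trust bundle, then: non-CA leaf, one URI SAN, workload ID in trustDomain.
func verifySVID(leaf *x509.Certificate, trustDomain string, bundle ...*x509.Certificate) (string, error) {
	pool := x509.NewCertPool()
	for _, ca := range bundle {
		pool.AddCert(ca)
	}
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return "", err
	}
	if ids := leaf.URIs; leaf.IsCA || len(ids) != 1 || ids[0].Scheme != "spiffe" || ids[0].Host != trustDomain || len(ids[0].Path) < 2 {
		return "", fmt.Errorf("not a workload X.509-SVID for trust domain %q", trustDomain)
	}
	return leaf.URIs[0].String(), nil
}

func main() {
	ca, caKey := issue(nil, nil)
	leaf, _ := issue(ca, caKey, "spiffe://mesh.example/ns/default/sa/web") // constructed SPIFFE ID
	fmt.Println(verifySVID(leaf, "mesh.example", ca))
}
```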
