Skip to content

computeaholic/threadforge-identity-surface

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
deploy
deploy
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 

Repository files navigation

threadforge-identity-surface

Deterministic identity/admission installer for containment substrate validation.

Requirements

  • Kubernetes v1.26+ (ValidatingAdmissionPolicy GA)
  • AdmissionRegistration enabled
  • Cluster-admin privileges for installation
  • Conformant Kubernetes API server (no CRD bootstrapping performed by this repo)

This repository does not provision Kubernetes. This repository does not install Kubernetes-owned CRDs.

Contract

  • Assumes an existing Kubernetes cluster (Kubernetes v1.26+)
  • Assumes AdmissionRegistration is enabled
  • Does not provision a cluster
  • Uses Kustomize only (no Helm)
  • Does not include data-plane services, observability stack, storage systems, or research platform components
  • Installs minimal identity + admission plane required for containment checks

Commands

  • make install
  • make validate
  • make uninstall

About

SPIRE-based workload identity and admission enforcement surface for Kubernetes.

Topics

kubernetes security supply-chain spiffe spire admission-control

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages