.. github.com/cilium/cilium@v1.16.2/Documentation/network/servicemesh/mutual-authentication/installation.rst

Prerequisites
#############

* Mutual authentication is currently supported only with SPIFFE APIs for certificate management.
* The Cilium Helm chart includes an option to deploy a SPIRE server for mutual authentication. You may also deploy your own SPIRE server and configure Cilium to use it.

Installation
############

.. Note::

    The default installation requires `PersistentVolumeClaim <https://kubernetes.io/docs/concepts/storage/persistent-volumes/>`_
    support in the cluster, so please check with your cluster provider if it's supported or how to enable it.

    For a lab or local cluster, you can switch to in-memory storage by passing ``authentication.mutual.spire.install.server.dataStorage.enabled=false``
    to the installation command, at the cost of re-creating all data when the SPIRE server pod is restarted.


.. tabs::

    .. group-tab:: Cilium CLI

        .. include:: ../../../installation/cli-download.rst

        You can enable mutual authentication and its associated SPIRE server with the following command.
        This command requires the Cilium CLI Helm mode version 0.15 or later.

        .. code-block:: shell-session

            $ cilium install \
                --set authentication.mutual.spire.enabled=true \
                --set authentication.mutual.spire.install.enabled=true

        Next, you can check the status of the Cilium agent and operator:

        .. code-block:: shell-session

            $ cilium status

    .. group-tab:: Helm

        The Cilium Helm chart includes an option to deploy a SPIRE server for mutual authentication.
        You may also deploy your own SPIRE server and configure Cilium to use it.
        Please refer to :ref:`k8s_install_helm` for a fresh installation.

        .. parsed-literal::

            $ helm install cilium |CHART_RELEASE| \\
                --namespace kube-system \\
                --set authentication.mutual.spire.enabled=true \\
                --set authentication.mutual.spire.install.enabled=true

            $ kubectl -n kube-system rollout restart deployment/cilium-operator
            $ kubectl -n kube-system rollout restart ds/cilium

        Next, you can check the status of the Cilium agent and operator:

        .. code-block:: shell-session

            $ cilium status

        .. include:: ../../../installation/cli-download.rst
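
The storage note above can be turned into a pre-flight check before running the install command. The following is an added example, not part of the Cilium documentation: it treats a default StorageClass as the sign that the SPIRE server's PersistentVolumeClaim can bind (an assumption; a cluster may provide storage another way), and the function names, the ``prod``/``lab`` modes and the sample listings are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for the SPIRE server's PersistentVolumeClaim.

# Reads `kubectl get storageclass --no-headers` output on stdin, prints the
# name of the default StorageClass, returns 1 if none is marked "(default)".
default_storageclass() {
    awk '$2 == "(default)" { print $1; found = 1; exit } END { exit !found }'
}

# Prints the --set flags for the install command. $1 is "prod" or "lab"
# (hypothetical mode names). Only "lab" may fall back to in-memory storage,
# because that setting re-creates all SPIRE data on every server restart.
spire_install_flags() {
    mode=$1
    flags="--set authentication.mutual.spire.enabled=true"
    flags="$flags --set authentication.mutual.spire.install.enabled=true"
    if sc=$(default_storageclass); then
        echo "using default StorageClass: $sc" >&2
        echo "$flags"
    elif [ "$mode" = "lab" ]; then
        echo "no default StorageClass, using in-memory storage" >&2
        echo "$flags --set authentication.mutual.spire.install.server.dataStorage.enabled=false"
    else
        echo "no default StorageClass: the SPIRE server PVC may not bind" >&2
        return 1
    fi
}

# Constructed sample listings in `kubectl get storageclass --no-headers` form.
SAMPLE_WITH_DEFAULT='standard (default)   rancher.io/local-path   Delete   WaitForFirstConsumer   false   5d
fast   example.com/ssd   Delete   Immediate   true   5d'
SAMPLE_NO_DEFAULT='fast   example.com/ssd   Delete   Immediate   true   5d'

# Live use: kubectl get storageclass --no-headers | spire_install_flags prod
printf '%s\n' "$SAMPLE_WITH_DEFAULT" | spire_install_flags prod
printf '%s\n' "$SAMPLE_NO_DEFAULT" | spire_install_flags lab
```

In ``prod`` mode the function fails instead of silently choosing in-memory storage, so the loss of persistence is always an explicit decision.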