From the cert-manager documentation we can see that csi-driver-spiffe allows using SVIDs to enable mTLS between pods within their trust domain (https://cert-manager.io/docs/projects/csi-driver-spiffe/). However, in the csi-driver documentation (https://cert-manager.io/docs/projects/csi-driver/) there is also a way to use SPIFFE IDs, and it also adds the right to use dnsNames (csi.cert-manager.io/dns-names). I am wondering what the difference is between using these two tools: what does csi-driver-spiffe provide additionally, and why would it be useful? Can csi-driver-spiffe also be used to validate DNS names when it requests the certificate? And is there any relevant documentation for this?
klDevaa changed the title from "csi-driver-spiffe vs csi-driver" to "csi-driver-spiffe vs csi-driver #spiffe" (May 17, 2023)
klDevaa changed the title from "csi-driver-spiffe vs csi-driver #spiffe" to "csi-driver-spiffe vs csi-driver" (May 17, 2023)
You can request the same certificates with csi-driver that you can request with csi-driver-spiffe.
However, csi-driver-spiffe will automatically generate a SPIFFE ID and use that in its request. In csi-driver, you have to manually specify what SPIFFE ID you want to request. Also, csi-driver-spiffe automatically approves the requested certificate request after it has confirmed that the auto-generated SPIFFE ID indeed matches the identity of the Pod/SA.
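The identity check described in the reply above can be sketched as follows. This is an added illustration, not part of the thread and not code from cert-manager or csi-driver-spiffe. It assumes the ID layout `spiffe://<trust-domain>/ns/<namespace>/sa/<service-account>` and, as a policy choice of this sketch, refuses requests that carry DNS names or more than one URI SAN; the function names and sample values are hypothetical.

```python
# Added illustration; not code from cert-manager or csi-driver-spiffe.
from urllib.parse import urlsplit

SA_PREFIX = "system:serviceaccount:"


def expected_spiffe_id(requester: str, trust_domain: str) -> str:
    """Derive the SPIFFE ID from the Kubernetes username of the requester.

    Service account usernames look like system:serviceaccount:<ns>:<name>.
    Assumed ID layout: spiffe://<trust-domain>/ns/<ns>/sa/<name>.
    """
    if not requester.startswith(SA_PREFIX):
        raise ValueError("requester is not a service account")
    parts = requester[len(SA_PREFIX):].split(":")
    if len(parts) != 2 or not all(parts):
        raise ValueError("malformed service account username")
    namespace, name = parts
    return f"spiffe://{trust_domain}/ns/{namespace}/sa/{name}"


def evaluate_request(requester, uri_sans, dns_sans, trust_domain):
    """Return (approved, reason) for a constructed certificate request."""
    try:
        want = expected_spiffe_id(requester, trust_domain)
    except ValueError as exc:
        return False, str(exc)
    if dns_sans:  # sketch policy: the identity is the URI SAN only
        return False, "DNS names are not part of the SPIFFE identity"
    if len(uri_sans) != 1:
        return False, "exactly one URI SAN is required"
    got = urlsplit(uri_sans[0])
    if got.scheme != "spiffe" or got.netloc != trust_domain:
        return False, "URI SAN is outside the trust domain"
    if uri_sans[0] != want:
        return False, f"URI SAN does not match requester identity {want}"
    return True, "SPIFFE ID matches the requesting service account"


if __name__ == "__main__":
    # Constructed sample requests (requester, URI SANs, DNS SANs).
    me = "system:serviceaccount:sandbox:app"
    samples = [
        (me, ["spiffe://example.org/ns/sandbox/sa/app"], []),
        (me, ["spiffe://example.org/ns/prod/sa/payments"], []),  # hand-picked ID
        (me, ["spiffe://example.org/ns/sandbox/sa/app"], ["app.example.org"]),
    ]
    for requester, uris, dns in samples:
        print(uris, dns, "->", evaluate_request(requester, uris, dns, "example.org"))
```

The second sample is the case the reply distinguishes: with a manually specified SPIFFE ID, nothing in the request itself ties the ID to the workload, so approval has to be decided by separate policy.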