Cross-cluster authentication got you down? Losing your hair trying to get mutually authenticated TLS inside, outside, and everywhere in-between? Fret no more! In this talk, Andrew Harding, a maintainer on the SPIFFE and SPIRE projects, will dig deep into a turnkey SPIRE deployment within Kubernetes that provides workloads and proxies with X.509 certificate-based SPIFFE identities. Andrew will demonstrate how to use these identities for cross-cluster authentication by declaring federation relationships between clusters using familiar Kubernetes primitives. On top of that, a live coding and demo session will show just how easy it is to leverage SPIFFE from within Kubernetes workloads with just a few lines of code.