December 16, 2019


Deep Dive: Container Identity WG



Talk Title: Deep Dive: Container Identity WG
Speakers: Greg Castle (Kubernetes/GKE Security Tech Lead, Google), Mike Danese (Software Engineer, Google)
Conference: KubeCon + CloudNativeCon North America
Location: Seattle, WA, USA
Date: Dec 9-14, 2018

Over the past year the Container Identity working group has been working on a number of initiatives relating to identity in Kubernetes. These include providing a mechanism to issue scoped JWTs that can be externally validated, which improves the security of identity integrations using Kubernetes service accounts, such as HashiCorp Vault. We’ve also made significant progress in providing a new mechanism to issue and mount service account identities inside the cluster that addresses a number of security and scalability issues with existing service accounts. Finally, we’ve also enabled new identity integrations by exposing OIDC functionality from the Kubernetes cluster. We’ll discuss these changes, how they can be used today, and where we are headed next.
