Deep Dive: Container Identity WG
Over the past year the Container Identity working group has been working on a number of initiatives relating to identity in Kubernetes. These include providing a mechanism to issue scoped JWTs that ca …
Talk Title | Deep Dive: Container Identity WG |
Speakers | Greg Castle (Kubernetes/GKE Security Tech Lead, Google), Mike Danese (Software Engineer, Google) |
Conference | KubeCon + CloudNativeCon North America |
Conf Tag | |
Location | Seattle, WA, USA |
Date | Dec 9-14, 2018 |
URL | Talk Page |
Slides | Talk Slides |
Video | |
Over the past year the Container Identity working group has been working on a number of initiatives relating to identity in Kubernetes. These include providing a mechanism to issue scoped JWTs that can be externally validated which improves the security of identity integrations using Kubernetes service accounts, such as Hashicorp Vault. We’ve also made significant progress in providing a new mechanism to issue and mount service account identities inside the cluster that addresses a number of security and scalability issues with existing service accounts. Finally we’ve also enabled new identity integrations by exposing OIDC functionality from the Kubernetes cluster. We’ll discuss these changes, how they can be used today, and where we are headed next.