OIDC and Workload Identity in Kubernetes - Ashutosh Kumar, Elastic & Anish Ramasekar, Microsoft

Don't miss out! Join us at our next Flagship Conference: KubeCon + CloudNativeCon Europe in Paris from March 19-22, 2024. Connect with our current graduated, incubating, and sandbox projects as the community gathers to further the education and advancement of cloud native computing. Learn more at https://kubecon.io

OIDC and Workload Identity in Kubernetes - Ashutosh Kumar, Elastic & Anish Ramasekar, Microsoft

Traditionally, when applications running in Kubernetes pods need to access public cloud services, they would use service account credentials or other forms of authentication. Workload identity provides a convenient and secure way to manage access to Cloud (e.g. Google, Azure etc) resources from within Kubernetes by mapping the service account to the associated cloud provider service account. It eliminates the need for managing and distributing individual service account keys or credentials, improving the overall security posture of your applications. The speakers will walk through the concepts of workload identity on the following lines: (1) Explain how OpenID Connect is used to achieve workload identity and the authentication workflow for the same, (2) How to set up workload identity on public clouds for managed and unmanaged Kubernetes clusters for public clouds. They will also do a demo on how to set up workload identity with an example of Azure/Google public cloud.