logo
allArticlesConferencesPresentations

Sharing is NOT Caring: Stop Sharing Your Kubernetes Cluster Credentials

Conference:  ContainerCon 2022

2022-06-22

Authors:   Nigel Brown, Leigh Capili

Summary

The presentation discusses the importance of identity and access management in Kubernetes and introduces Pinniped as a solution.
  • Kubernetes lacks a robust identity and access management system
  • Pinniped is a solution that provides a secure and flexible identity and access management system for Kubernetes
  • Pinniped offers a variety of authentication methods, including OAuth 2.0 and OpenID Connect
  • Pinniped is actively seeking input from the community to improve the project
The speaker emphasizes the importance of identity and access management in distributed systems, and how Pinniped can help solve this problem in Kubernetes. They explain that while Kubernetes has some lightweight options for identity management, they are not sufficient for managing identities outside of the cluster. The speaker also highlights the potential security risks of using service account tokens and handing out config files with secrets. Pinniped offers a more secure and flexible solution, with support for various authentication methods. The speaker encourages the audience to get involved in the Pinniped community and provide feedback to help improve the project.

Abstract

Attention Kubernetes admins! That kubeconfig your developer just downloaded has credentials that can compromise not just their system but potentially your entire Platform! Stop taking the risk and switch to using kubeconfigs that can be securely distributed to users. In this talk, we will discuss how an open source solution, Pinniped, helps solve your problem of secure kubeconfig generation. Pinniped kubeconfigs can be safely distributed as they don't have any user specific credentials. But users have authentication requirements beyond just safe kubeconfig generation, such as seamless cluster access without having to login multiple times a day, support for multiple clouds provider access, and the ability to integrate with various identity providers. In our session, we will deep dive into the architectural components of Pinniped and explain how they help solve the authentication challenges for Kubernetes users.
Materials:
Tags:
Kubernetes
kubeconfig
authentication
pinniped
Security

Post a comment

Related work

What Do You Mean K8s Doesn't Have Users? How Do I Manage User Access Then?

Conference:  KubeCon + CloudNativeCon Europe 2021
Authors: Jussi Nummelin

Keeping It Simple: Cilium Networking for Multicloud Kubernetes

Conference:  KubeCon + CloudNativeCon Europe 2023
Authors: Liz Rice
2023-04-21

Multi-Cloud Workload Identity With SPIFFE

Conference:  KubeCon + CloudNativeCon Europe 2022
Authors: Charlie Egan, Jake Sanders
2022-05-20

K8s and Active Directory Can Be Friends! How to Use Dex to Bridge the Gap

Conference:  KubeCon + CloudNativeCon Europe 2022
Authors: Onkar Bhat
2022-05-18

Sponsored Session: Kubernetes Package Management Using Unix Philosophy with Carvel

Conference:  KubeCon + CloudNativeCon Europe 2021
Authors: Helen George, João Pereira

Tutorial: Set Up Your Shell For Kubernetes Productivity And Be Efficient Quickly

Conference:  KubeCon + CloudNativeCon North America 2022
Authors: Ayrat Khayretdinov, Sebastien Prune Thomas
2022-10-27