Keyless Entry: Securely Access GCP Services from Kubernetes
This is a talk I gave with Aaron Small and Mike Danese about forgoing long-lived credentials (PKI) for short-lived access tokens on GKE.
You can read about it over on the Google Cloud Blog, too!
No more exporting Google service account keys or lumping permissions onto one account. Kubernetes now provides a way for Kubernetes workloads to prove their identity outside of their cluster. We’ve built on this to deliver a simpler, more secure way to authenticate to Google services whether you’re running Kubernetes on GKE, GCP, on-premises, or a hybrid mix. This talk will explain and demonstrate how to use this exciting new capability to easily access Google Cloud services without any changes to your application code.