Secure access to GKE workloads with Workload Identity

preview_player
Показать описание
What authorization types are available for GKE? How do you manage access to your GKE workloads at the cloud and cluster levels? Workload Identity is the recommended way to access Google Cloud services in a secure and manageable way. In this episode of GKE Essentials, Kaslin Fields discusses how to simplify access management for Kubernetes workloads with Google Cloud Workload Identity. Watch along and learn how to secure your GKE clusters!

Chapters:
0:00 - Intro
0:33 - Authorization types in GKE
0:45 - Cloud IAM role
2:22 - Kubernetes role-based access control
3:11 - Service accounts for Kubernetes and Google Cloud
4:13 - What is Workload Identity?
5:07 - How to deploy Workload Identity
5:51 - Wrap up

#GKEEssentials
  1. Google Cloud Tech
  2. Google Kubernetes Engine
  3. Google Kubernetes Engine API
  4. Workload Identity
  5. Identity and Access Management
  6. Google Cloud
Рекомендации по теме
Secure access to 0:06:34

Secure access to GKE workloads with Workload Identity

Keyless Entry: Securely 0:39:18

Keyless Entry: Securely Access GCP Services From Kubernetes (Cloud Next '19)

Workload Identity in 0:09:39

Workload Identity in GKE to fetch data from Google Cloud Storage.

What is Workload 0:07:30

What is Workload Identity for GKE Services

How to Enable 0:15:28

How to Enable Workload Identity in GKE cluster

Introduction to securing 0:05:55

Introduction to securing cluster access

How to enable 0:03:36

How to enable and configure Workload Identity

Goodbye Service Account 0:25:19

Goodbye Service Account Keys, Hello Workload Identity Federation – Building Secure Apps with GCP

[Kubernetes] Episode 14: 0:32:30

[Kubernetes] Episode 14: Securing Access in Kubernetes/GKE

Using GKE Workload 0:23:15

Using GKE Workload Identity with Stash

Learn to isolate 0:04:53

Learn to isolate containerized workloads with Google Cloud

A cloud networking 0:58:46

A cloud networking blueprint for securing your workloads (Google Cloud Next '17)

Right-sizing your workloads 0:07:10

Right-sizing your workloads in GKE at scale

5 Things needed 0:00:38

5 Things needed for Workload Identity in GKE

GKE Workload Identity 0:10:21

GKE Workload Identity between two projects

High Availability for 0:05:59

High Availability for Stateful GKE Workloads

What is Workload 0:03:21

What is Workload Identity Federation?

GKE: Concepts of 0:11:29

GKE: Concepts of Networking

Who Protects What? 0:41:43

Who Protects What? Shared Security in GKE (Cloud Next '19)

Access Google Cloud 0:10:18

Access Google Cloud from GitHub Action Sans Keys - Workload Identity Federation

Webinar - Securing 0:54:44

Webinar - Securing GKE Workloads with Jaco Nel and Jonathan Frankel

#CloudRun or #GKE 0:00:45

#CloudRun or #GKE for containerized workloads #Shorts

Workload Identity, Config 1:35:06

Workload Identity, Config Connector and Managed Application Delivery in GKE | Webinar #2

Introducing GKE's opinionated 0:05:18

Introducing GKE's opinionated security posture tools

Комментарии
Автор

Thanks for simplifying these topics. They can be really confusing at times ñ. This helps.

AlejandroBiancucci
Автор

This is one of best feature.
Which avoids rotation of keys

thecloudcareers
Автор

I’ve been getting into Workload Identity more lately. One thing I’ve really been wondering about is if it’s possible to differentiate between the service account performing image pulling vs. the service account actually used to execute the workload (i.e. at the pod level). Is that possible? You can use imagePullSecrets but that’s precisely what I’m trying to avoid using, and I just want a SA who’s sole purpose is just for pulling images from a separate project. 🤦‍♂️

patricknelson
Автор

All good but wasted first 3 minutes explaining IAM.

aravindpoojari