Kubernetes Security with Identity & OIDC
About this video
What You'll Learn
- Why long-lived kubeconfig certificates should be reserved for break-glass access
- How OIDC impersonation maps GitHub workflow identities to Kubernetes RBAC
- Why supply chain signing depends on trusted identities, not just cryptographic keys
Marc Boorshtein, CTO of Tremolo Security, explains why long-lived kubeconfig certificates are an anti-pattern, how OIDC and impersonation deliver revocable cluster access, and how workflow identity via OIDC JWTs replaces static service account tokens in CI/CD pipelines.