Caller ID in Kubernetes - Michael Danese, Google
Abstract
Kubernetes lets every Pod have a Service Account identity, but previously, that identity has only really been usable to authenticate to the Kubernete API server. The newly-released pod proof of identity can be used to securely establish trusted communication between workloads running in a Kubernetes cluster, to external services, or even to bootstrap the identity of higher level services like Istio. This talk will delve into the design of workload identity in Kubernetes and how you can use it to build more secure systems.