Comment by mdaniel 8 days ago

0 replies

I'm sure for 10 people you'll get 15 answers, but for my money OIDC is the way, the truth, and the light. GitHub and GitLab offer it, one can have federated auth from within a k8s Pod to anything that trusts OIDC, and realistically one can do it from anything that has intrinsic identity. That's also how AWS Identity Anywhere works, just with more X509

I really loved this talk about using Let's Encrypt for IAM Anywhere https://www.youtube.com/watch?v=M1hXUcBMf1Q

I have personally also set up EKS Anywhere <https://github.com/aws/eks-anywhere#readme> with OIDC, so one need not have a "smart cloud" to get that done, but it places the burden of securing the cluster's identity upon the operator https://gitlab.com/-/snippets/2302594
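The trust relationship the comment describes, as an added example that is not part of the comment or of any project it names: a cluster (or anything else with intrinsic identity) acts as an OIDC issuer and signs a short-lived JWT for a Pod's service account; the relying party only has the issuer's public keys and must pin the algorithm, verify the signature, and check issuer, audience and expiry before believing any claim. The issuer URL, `kid` values and audience names below are constructed, `MintToken` stands in for kube-apiserver rather than reproducing it, and the `keys` map stands in for a JWKS fetch; the private key it signs with is exactly the cluster identity the operator has to protect.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is the subset of a Kubernetes projected service-account token that a
// relying party must check (RFC 7519 names). Kubernetes emits "aud" as an array.
type Claims struct {
	Iss string   `json:"iss"`
	Sub string   `json:"sub"`
	Aud []string `json:"aud"`
	Exp int64    `json:"exp"`
}

var b64 = base64.RawURLEncoding

// MintToken is a constructed stand-in for the cluster's OIDC issuer (not kube-apiserver):
// RS256 over header.payload with the issuer's private key. Protecting that key is the
// operator's burden the comment mentions.
func MintToken(key *rsa.PrivateKey, kid string, c Claims) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	payload, _ := json.Marshal(c)
	input := b64.EncodeToString(header) + "." + b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// VerifyToken is the relying-party side: what a service that "trusts OIDC" must do before
// believing a token. keys maps kid -> public key, i.e. what the issuer's JWKS endpoint serves.
func VerifyToken(tok string, keys map[string]*rsa.PublicKey, wantIss, wantAud string, now time.Time) (*Claims, error) {
	parts := strings.Split(tok, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	var hdr struct {
		Alg string `json:"alg"`
		Kid string `json:"kid"`
	}
	if raw, err := b64.DecodeString(parts[0]); err != nil || json.Unmarshal(raw, &hdr) != nil {
		return nil, errors.New("bad header")
	}
	// Pin the algorithm: the token never gets to choose ("none", or HS256 keyed with the public key).
	if hdr.Alg != "RS256" {
		return nil, fmt.Errorf("unexpected alg %q", hdr.Alg)
	}
	pub := keys[hdr.Kid]
	if pub == nil {
		return nil, fmt.Errorf("unknown kid %q", hdr.Kid)
	}
	sig, err := b64.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("bad signature")
	}
	// Claims are only trustworthy once the signature has been checked.
	var c Claims
	if raw, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(raw, &c) != nil {
		return nil, errors.New("bad payload")
	}
	if c.Iss != wantIss {
		return nil, fmt.Errorf("issuer %q not trusted", c.Iss)
	}
	audOK := false
	for _, a := range c.Aud {
		audOK = audOK || a == wantAud
	}
	if !audOK {
		return nil, fmt.Errorf("token not minted for audience %q", wantAud)
	}
	if now.Unix() >= c.Exp {
		return nil, errors.New("token expired")
	}
	return &c, nil
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	keys := map[string]*rsa.PublicKey{"kid-1": &key.PublicKey}
	now := time.Now()
	iss := "https://oidc.example.test/cluster" // constructed issuer URL
	tok, _ := MintToken(key, "kid-1", Claims{Iss: iss, Sub: "system:serviceaccount:payments:api",
		Aud: []string{"vault.example.test"}, Exp: now.Add(10 * time.Minute).Unix()})
	c, err := VerifyToken(tok, keys, iss, "vault.example.test", now)
	fmt.Println("accepted:", c != nil, err)
	_, err = VerifyToken(tok, keys, iss, "s3.example.test", now)
	fmt.Println("wrong audience:", err) // rejected even though the signature is valid
}
```

The audience check is what keeps a token minted for one relying party from being replayed against another, and pinning `alg` before looking at the signature is what prevents the token itself from downgrading the verification; both checks run before any claim is read. A production verifier would additionally fetch and cache keys from the issuer's discovery document, accept `aud` as either a string or an array as the JWT spec allows, and tolerate a small amount of clock skew.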