About gabrielt

gabrielt

This blog post provides a comprehensive guide on how to utilize Kubernetes service accounts and their OIDC tokens to establish secure communication between two Kubernetes clusters, referred to as “upstream” and “downstream” clusters. Imagine you want...

gabrielt

 On June 25th 2024 at 13:00 UTC we will have a webinar for "How to fight the dependency hell". Register now here and join the conversation and discussion! Looking forward to seeing you there!We began the process of automating our software dependency...

gabrielt

Continuous Integration (CI) systems like Jenkins often use long-lived credentials to authenticate to Kubernetes clusters. While some CI systems have native support for issuing short-lived OpenID Connect (OIDC) tokens, Jenkins doesn’t have this native...

gabrielt

Update (12.04.2023): Another approach leveraging Kubernetes’ native credential plugin is now available at the end of this post. Insufficient credential hygiene is one of the top security threats to automatic CI/CD pipelines and connected environmen...

gabrielt

In this blog, I will share how you can use Kubernetes service accounts and their OIDC tokens to securely pull container images from private registries without having to copy secrets around. In this blog, I will focus on how to set it up using a Kuber...

gabrielt

@john-juan_fioneer: SAP BTP, Kyma runtime has enabled the Gardener OIDC extension by default for new clusters (see https://github.com/kyma-project/kyma/issues/18305#issuecomment-2337287229). This allows you to use the described steps directly with a ...

User Statistics

User Activity

Kubernetes Cross-Cluster Communication: Ditching Long-Lived Credentials

The Case for Automating Dependency Updates!

Using Jenkins OpenID Connect Provider Plugin in Kubernetes

Using GitHub Actions OpenID Connect in Kubernetes

Use Kubernetes Service Accounts in Combination with OIDC Identity Federation for imagePullSecrets

Re: Using GitHub Actions OpenID Connect in Kubernetes