Support for workload identity to improve cluster security
- Services: Kubernetes Engine
- Release Date: March 15, 2023
In Oracle Cloud Infrastructure, a workload running on a Kubernetes cluster you have created with Container Engine for Kubernetes is now considered a resource in its own right. Each workload has its own unique identity.
You can use the workload identity when defining IAM policies to grant workloads fine-grained access to other OCI resources (such as Object Storage buckets). You can also satisfy compliance requirements by tracking requests made by a workload identity, enabling you to monitor and report unauthorized access and suspicious activity.
You use workload identities with an OCI SDK (the Go SDK and the Java SDK are supported initially).
Workload identity is only available with enhanced clusters.
For more information, see Granting Workloads Access to OCI Resources.