Advanced identity management features for SKE clusters
Section titled “Advanced identity management features for SKE clusters”Developers can now access SKE clusters via single sign-on (SSO):
- STACKIT Identity Provider (IdP) integration: SKE clusters can now be connected to the STACKIT IdP. This allows developers to seamlessly access clusters without having to manage separate credentials.
- Fine-grained cluster permissions: Once a cluster is connected to STACKIT IdP, administrators can use standard Kubernetes RBAC rules to manage developer permissions.
In-cluster workloads can now use Workload Identity to access STACKIT APIs with temporary credentials:
- Service Account federation: STACKIT Service Accounts can now federate against SKE clusters. This allows Kubernetes Service Accounts to act as STACKIT Service Accounts.
- Automatic Workload Identity injection in Pods: Pods can be annotated with a Kubernetes Service Account. They will automatically receive the necessary token for STACKIT API access. This allows the STACKIT CLI or SDK to access STACKIT APIs without manual secrets management.