Term · 32. Workload Identity & Cloud-native
Cluster Identity
Definition
Identity assigned to a Kubernetes cluster or a cluster-level service, used to authenticate to external services (cloud APIs, container registries, secrets stores) without distributing credentials to each pod. Typically backed by a cloud provider's workload identity federation mechanism (AWS IRSA, Azure Workload Identity, GCP Workload Identity Federation).
Synonyms
- Kubernetes cluster identity
- Multi-cluster identity

Application
- Regulatory: CNCF — SPIFFE / SPIRE specs

Standards & regulations
- CNCF
Related terms
- Ephemeral Credentials: Credentials with very short lifetime (minutes) issued just-in-time and revoked after use. Replaces long-lived secrets in …
- OIDC for Cloud (Workload OIDC): Pattern using OIDC tokens issued by cloud platforms (AWS IRSA, Azure Workload Identity, GCP Workload Identity Federation …
- Service Account (SA): Non-human account used by applications, services, or scheduled tasks to authenticate to other systems. Common categories …
- Service Mesh Identity: Identity model for microservices within a service mesh — each service has a cryptographic identity (SPIFFE ID, X.509 cert) a …
- SPIFFE (Secure Production Identity Framework For Everyone): CNCF standard for cryptographic workload identity. Defines SPIFFE ID …
- SPIRE (SPIFFE Runtime Environment): Open-source reference implementation of SPIFFE. Provides workload attestation (verify workl …