www.tiffanyfay.dev

TOKENS: OIDC

• OIDC is conceptually similar to TLS (but a different set of protocols)
• On self-hosted clusters, you'd need to add a few command-line flags to the API server:
  ◦ --oidc-issuer-url → URL of the OpenID provider
  ◦ --oidc-client-id → OpenID app requesting the authentication (= our cluster)
• More details on k8s.io/docs/reference/access-authn-authz/authentication/#openid-connect-tokens
• On managed clusters, there may be ways to achieve the same results, e.g. on EKS: docs.aws.amazon.com/eks/latest/userguide/authenticate-oidc-identity-provider.html
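How the two flags above relate to the claims inside an ID token, as an added example that is not part of the original slides: it decodes a token's payload and reports why its `iss`, `aud` or `exp` claims would not match a given `--oidc-issuer-url` and `--oidc-client-id`. The issuer `https://idp.example.com/`, the client ID `k8s-cluster` and the sample token are constructed for illustration, and the script checks claims only; it does not verify the signature, which the API server also does.

```python
import base64
import json
import time


def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_claims(id_token):
    # Decodes the payload only. The signature is NOT verified here.
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(b64url_decode(parts[1]))


def check_claims(claims, issuer_url, client_id, now=None):
    """Return the reasons the claims would not match the configured flags."""
    now = time.time() if now is None else now
    problems = []
    if not issuer_url.startswith("https://"):
        problems.append("--oidc-issuer-url must use https")
    if claims.get("iss") != issuer_url:  # exact string match, trailing slash included
        problems.append(f"iss {claims.get('iss')!r} != issuer URL {issuer_url!r}")
    aud = claims.get("aud")  # aud may be a single string or a list of strings
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    if client_id not in audiences:
        problems.append(f"client id {client_id!r} not in aud {audiences!r}")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        problems.append("token is expired or has no exp claim")
    return problems


def make_sample_token(claims):
    # Constructed, unsigned sample token for the demo; not a real credential.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.c2ln"


if __name__ == "__main__":
    token = make_sample_token(
        {"iss": "https://idp.example.com/", "aud": ["k8s-cluster"], "exp": 4102444800})
    # The same token against two flag values that differ only by a trailing slash.
    for issuer in ("https://idp.example.com", "https://idp.example.com/"):
        result = check_claims(read_claims(token), issuer, "k8s-cluster")
        print(issuer, "->", result or "claims match")
```

An empty result means only that the claims line up with the flags; the token would still have to carry a valid signature from the provider's published keys.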