What is workload identity in Kubernetes and how do IRSA (IAM Roles for Service Accounts) or Workload Identity work?

Question

Kubernetes Fundamentals — Hard

What is workload identity in Kubernetes and how do IRSA (IAM Roles for Service Accounts) or Workload Identity work?

Accepted Answer

Workload identity in Kubernetes integrates service account tokens with cloud provider IAM systems. This enables pods to receive short-lived, rotated cloud credentials, allowing fine-grained access without storing credentials in Secrets. The correct answer, B, accurately describes this process. Options A, C, and D are incorrect as they misrepresent the purpose and functionality of workload identity and IRSA.