As the Kubernetes footprint expands through a number of development and production clusters—spread across on-premises data centers, multiple public cloud providers, and edge locations—it shouldn’t be a surprise that complexity leads to challenges. When it comes to ensuring Kubernetes security and controlling access to clusters, limited standards, and shared practices are creating a “wild west” scenario. Many organizations have multiple clusters in multiple locations—often running different distributions with different management interfaces—and teams of developers, operators, contractors, and partners who need varying levels of access. In this presentation, we’ll review how to apply Kubernetes zero trust principles to enable controlled, audited cluster access for developers, SREs, and automation systems to a Kubernetes infrastructure. We will cover ways to enable just-in-time service account creation and user-level credentials management, and how to integrate with existing RBAC/SSO solutions, in order to centralize access control to entire fleets of Kubernetes clusters, regardless of where the user or system seeking access is located. We will secure kubectl access to all clusters with integrated enterprise RBAC/SSO, ensure compliance with internal security policies and industry regulations, and provide immutable audit trails of all user and system access.