The talk explores our journey in building a Container Platform based on Kubernetes and transitioning towards a microservices architecture on a multi-hybrid-cloud infrastructure. The main focus will be on addressing the "runtime identity" issue for Kubernetes pods, tackled through the use of the Service Account Token Volume Projection introduced in Kubernetes 1.20 and the federation of Kubernetes clusters with identity providers from major cloud providers (e.g., Entra-ID, AWS STS) and Hashicorp Vault. The presentation will demonstrate how this solution enables secure and scoped pod identities, facilitating native access to cloud provider XaaS services while adhering to OAuth2.0 standards