Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
The DevOps 2.3 Toolkit

You're reading from   The DevOps 2.3 Toolkit Kubernetes: Deploying and managing highly-available and fault-tolerant applications at scale

Arrow left icon
Product type Paperback
Published in Sep 2018
Publisher Packt
ISBN-13 9781789135503
Length 418 pages
Edition 1st Edition
Concepts
Arrow right icon
Author (1):
Arrow left icon
Viktor Farcic Viktor Farcic
Author Profile Icon Viktor Farcic
Viktor Farcic
Arrow right icon
View More author details
Toc

Table of Contents (18) Chapters Close

Preface 1. How Did We Get Here? FREE CHAPTER 2. Running Kubernetes Cluster Locally 3. Creating Pods 4. Scaling Pods With ReplicaSets 5. Using Services to Enable Communication between Pods 6. Deploying Releases with Zero-Downtime 7. Using Ingress to Forward Traffic 8. Using Volumes to Access Host's File System 9. Using ConfigMaps to Inject Configuration Files 10. Using Secrets to Hide Confidential Information 11. Dividing a Cluster into Namespaces 12. Securing Kubernetes Clusters 13. Managing Resources 14. Creating a Production-Ready Kubernetes Cluster 15. Persisting State 16. The End 17. Other Books You May Enjoy

Not so secretive Secrets

Almost everything Kubernetes needs is stored in etcd (https://github.com/coreos/etcd). That includes Secrets. The problem is that they are stored as plain text. Anyone with access to etcd has access to Kubernetes Secrets. We can limit the access to etcd, but that's not the end of our troubles. etcd stores data to disk as plain text. Restricting the access to etcd still leaves the Secrets vulnerable to who has access to the file system. That, in a way, diminishes the advantage of storing Secrets in containers in tmpfs. There's not much benefit of having them in tmpfs used by containers, if those same Secrets are stored on disk by etcd.

Even after securing the access to etcd and making sure that unauthorized users do not have access to the file system partition used by etcd, we are still at risk. When multiple replicas of etcd are running, data...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image