
Securing Kubernetes Secrets [Paperback]

  • Format: Paperback / softback, 250 pages, height x width x thickness: 235x185x18 mm, weight: 460 g
  • Publication date: 12-Jan-2023
  • Publisher: Manning Publications
  • ISBN-10: 1617298913
  • ISBN-13: 9781617298912
Safely store secret information like passwords, keys, and certificates in Kubernetes. In this practical guide, you'll discover methods for adding layers of security that will defend the critical data of your applications.

In Securing Kubernetes Secrets you will find:

  • Strategies for storing secure assets in Kubernetes
  • Cryptographic options and how to apply them in Kubernetes
  • Using the HashiCorp Vault server on Kubernetes for secure secrets storage
  • Managing security with public cloud providers
  • Applying security concepts using tools from the Kubernetes ecosystem
  • End-to-end secrets storage from development to operations
  • Implementing in Kubernetes in CI/CD systems



Secrets, like database passwords and API keys, are some of the most important data in your application. Securing Kubernetes Secrets reveals how to store these sensitive assets in Kubernetes in a way that's protected against leaks and hacks. You'll learn about the default capabilities of Kubernetes secrets, where they're lacking, and alternative options to strengthen applications and infrastructure.

Kubernetes secrets include small and sensitive data like passwords, tokens, and keys. The security defaults of Kubernetes are rarely enough to protect this valuable data, and can leave it, and you, exposed. In this book, you'll learn how to bake security into Kubernetes-based applications right from the start with security best practices and reliable third-party tools like HashiCorp Vault.

Reviews

'I learnt a lot about how to do secrets management in Kubernetes. I'm also very pleased and embarrassed (as a Kubernetes trainer) to say that I picked up a few tips & tricks about Kubernetes itself along the way!' Michael Bright

'It is an absolute must to read this book.' Werner Dijkerman

'I'm currently implementing a secrets management solution in Kubernetes, and wish I had this text at the beginning of this journey.' Milorad Imbra

'Provides insight into a complex topic even if you are not an expert in Kubernetes, DevOps or IT Security.' Atila Kaya

Preface xi
Acknowledgments xiii
About this book xv
About the authors xviii
About the cover illustration xix
PART 1 Secrets and Kubernetes 1
1 Kubernetes Secrets 3
  1.1 A focus on security 4
  1.2 Taking full advantage of the Kubernetes ecosystem 5
  1.3 Not everything is a Secret 5
  1.4 Bringing secrets management and Kubernetes together 6
  1.5 Tools to get started 9
2 An introduction to Kubernetes and Secrets 10
  2.1 Kubernetes architecture 11
    What is a master Node? 12
    What is a worker Node? 13
  2.2 Deploying workloads in Kubernetes 13
    Deploying a workload 13
    Deployment objects 15
    Volume 19
  2.3 Managing application configuration 19
    ConfigMaps 19
  2.4 Using Kubernetes Secrets to store sensitive information 25
    Secrets are encoded in Base64 26
    Secrets are mounted in a temporary file system 28
    Secrets can be encrypted at rest 28
    Risks 29
PART 2 Managing Secrets 33
3 Securely storing Secrets 35
  3.1 Storing Kubernetes manifests at rest 36
    Capturing resources for declarative configuration 37
  3.2 Tools for securely storing Kubernetes resources 40
    Ansible Vault 40
  3.3 Kubernetes Operators 45
    Custom resource definitions (CRDs) 46
    Sealed Secrets 47
  3.4 Managing Secrets within Kubernetes package managers 51
    Deploying the Greeting Demo Helm chart 52
    Using Helm Secrets 54
  3.5 Rotating secrets 58
    Ansible Vault secret key rotation 58
    Sealed Secrets key rotation 59
    SOPS secret key rotation 60
4 Encrypting data at rest 61
  4.1 Encrypting secrets in Kubernetes 62
    Data at rest vs. data in motion 62
    Plain secrets 62
    Encrypting secrets 64
    Creating the secret 67
  4.2 Key management server 69
    Kubernetes and KMS provider 70
    Creating the secret 77
5 HashiCorp Vault and Kubernetes 79
  5.1 Managing application secrets using HashiCorp Vault 80
    Deploying Vault to Kubernetes 81
    Deploying an application to access Vault 91
  5.2 Kubernetes auth method 94
    Configuring Kubernetes auth 95
    Testing and validating Kubernetes auth 97
  5.3 The Vault Agent Injector 98
    Configurations to support Kubernetes Vault Agent injection 100
6 Accessing cloud secrets stores 103
  6.1 The Container Storage Interface and Secrets Store CSI Driver 104
    Container Storage Interface 104
    Container Storage Interface and Kubernetes 106
    CSI and secrets 107
    Installing prerequisites 108
    Installing the Secrets Store CSI Driver 109
    Consuming HashiCorp Vault secrets via the Secrets Store CSI Driver and the HashiCorp Vault provider 111
  6.2 Synchronizing CSI secrets as Kubernetes Secrets 116
    Preparing the namespace 117
    Defining a SecretProviderClass resource with secretObjects 117
  6.3 Autorotating secrets to improve security posture 121
    Preparing the namespace 122
    Deploying the Pod with a secret mounted 125
    Updating the secret 126
  6.4 Consuming secrets from cloud secrets stores 126
    Azure Key Vault 127
    GCP Secret Manager 135
    AWS Secrets Manager 143
PART 3 Continuous integration and continuous delivery 149
7 Kubernetes-native continuous integration and Secrets 151
  7.1 Introduction to continuous integration 152
  7.2 Tekton 153
    Installing prerequisites 154
    Installing Tekton 156
    Tekton pipelines 157
  7.3 Continuous integration for a welcome message 163
    Compiling and running tests 166
    Building and pushing the container image 166
    The Pipeline Resource 168
    Pipeline 169
    PipelineRun 170
8 Kubernetes-native continuous delivery and Secrets 174
  8.1 Introduction to continuous delivery and deployment 175
  8.2 Continuous delivery for the welcome message 176
    Deploying the Name Generator service 176
    DevOps and GitOps 178
  8.3 Argo CD 179
    Installation of ArgoCD 180
    Welcome service and GitOps 182
    Creating a Welcome Message service from a Git repository 186
    Updating the Welcome service 190
Appendix A Tooling 201
Appendix B Installing and configuring yq 207
Appendix C Installing and configuring pip 210
Appendix D Installing and configuring Git 213
Appendix E Installing GPG 216
Index 219
Alex Soto is a director of developer experience at Red Hat, a Java Champion since 2007, an international speaker, and a teacher at Salle URL University.

Andrew Block is a distinguished architect with Red Hat who works with organizations to design and implement solutions leveraging cloud native technologies. He is active in the open-source community as both a presenter and contributor.