E-book
Author Gkatziouras, Emmanouil, author

Title Kubernetes secrets handbook : design, implement, and maintain production-grade Kubernetes secrets management solutions / Emmanouil Gkatziouras, Rom Adams, Chen Xi
Edition [First edition]
Published Birmingham, UK : Packt Publishing, 2024

Description 1 online resource (294 pages) : illustrations
Contents Intro -- Title Page -- Copyright and Credits -- Dedicated -- Foreword -- Contributors -- Table of Contents -- Preface -- Part 1: Introduction to Kubernetes Secrets Management -- Chapter 1: Understanding Kubernetes Secrets Management -- Technical requirements -- Understanding Kubernetes' origins and design principles -- From bare metal to containers -- Kubernetes overview -- Kubernetes design principles -- Kubernetes architecture -- Getting hands-on -- from a local container to a Kubernetes Pod -- Secrets within Kubernetes -- Secrets concepts -- Storing Secrets on Kubernetes
Why should we care? -- Security exposures -- Summary -- Chapter 2: Walking through Kubernetes Secrets Management Concepts -- Technical requirements -- What are Kubernetes Secrets, and how do they differ from other Kubernetes objects? -- Different types of Secrets and their usage scenarios -- Opaque -- Kubernetes service account token -- Docker config -- Basic authentication -- TLS client or server -- Token data -- Conclusion -- Creating, modifying, and deleting Secrets in Kubernetes -- data and stringData -- Updating Secrets -- Deleting Secrets -- Conclusion
Kubernetes Secrets configuration in different deployment scenarios -- Secret usage among environments -- From development to deployment -- Conclusion -- Requirement for managing Secrets, including secure storage and access control -- Secure storage -- Access control -- Git and encryption -- Conclusion -- Securing access to Secrets with RBAC -- RBAC introduction -- RBAC and Secrets -- Conclusion -- Auditing and monitoring secret usage -- minikube note -- Summary -- Chapter 3: Encrypting Secrets the Kubernetes-Native Way -- Technical requirements -- Kubernetes-native encryption
Standalone native encryption -- Native encryption with an external component -- Going further with securing etcd -- Linux system hardening -- Linux data encryption -- Transport -- Summary -- Chapter 4: Debugging and Troubleshooting Kubernetes Secrets -- Technical requirements -- Discussion of common issues with Kubernetes Secrets -- Helm and Helm Secrets -- Secret application pitfalls -- Debugging and troubleshooting Secrets -- The describe command -- Non-existing Secrets -- Badly configured Secrets -- Troubleshooting and observability solutions
Best practices for debugging and troubleshooting Secrets -- Avoiding leaking Secrets -- Summary -- Part 2: Advanced Topics -- Kubernetes Secrets in a Production Environment -- Chapter 5: Security, Auditing, and Compliance -- Technical requirements -- Cybersecurity versus cyber risk -- Cybersecurity -- Cyber risk -- Conclusion -- Compliance standards -- Adopting a DevSecOps mindset -- Tools -- Trivy -- kube-bench -- Compliance Operator -- StackRox -- Kubernetes logging -- Summary -- Chapter 6: Disaster Recovery and Backups -- Technical requirements
Summary Gain hands-on skills in Kubernetes Secrets management, ensuring a comprehensive overview of the Secrets lifecycle and prioritizing adherence to regulatory standards and business sustainability.

Key Features: Master Secrets encryption, encompassing complex life cycles, key rotation, access control, backup, and recovery; Build your skills to audit Secrets consumption, troubleshoot, and optimize for efficiency and compliance; Learn how to manage Secrets through real-world cases, strengthening your applications' security posture; Purchase of the print or Kindle book includes a free PDF eBook.

Book Description: Securing Secrets in containerized apps poses a significant challenge for Kubernetes IT professionals. This book tackles the critical task of safeguarding sensitive data, addressing the limitations of Kubernetes encryption, and establishing a robust Secrets management system for heightened security for Kubernetes. Starting with the fundamental Kubernetes architecture principles and how they apply to the design of Secrets management, this book delves into advanced Kubernetes concepts such as hands-on security, compliance, risk mitigation, disaster recovery, and backup strategies. With the help of practical, real-world guidance, you'll learn how to mitigate risks and establish robust Secrets management as you explore different types of external secret stores, configure them in Kubernetes, and integrate them with existing Secrets management solutions. Further, you'll design, implement, and operate a secure method of managing sensitive payload by leveraging real use cases in an iterative process to enhance skills, practices, and analytical thinking, progressively strengthening the security posture with each solution. By the end of this book, you'll have a rock-solid Secrets management solution to run your business-critical applications in a hybrid multi-cloud scenario, addressing operational risks, compliance, and controls.

What you will learn: Explore Kubernetes Secrets, related API objects, and CRUD operations; Understand the Kubernetes Secrets limitations, attack vectors, and mitigation strategies; Explore encryption at rest and external secret stores; Build and operate a production-grade solution with a focus on business continuity; Integrate a Secrets Management solution in your CI/CD pipelines; Conduct continuous assessments of the risks and vulnerabilities for each solution; Draw insights from use cases implemented by large organizations; Gain an overview of the latest and upcoming Secrets management trends.

Who this book is for: This handbook is a comprehensive reference for IT professionals to design, implement, operate, and audit Secrets in applications and platforms running on Kubernetes. For developer, platform, and security teams experienced with containers, this Secrets management guide offers a progressive path--from foundations to implementation--with a security-first mindset. You'll also find this book useful if you work with hybrid multi-cloud Kubernetes platforms for organizations concerned with governance and compliance requirements.
Bibliography Includes bibliographical references and index
SUBJECT Kubernetes. http://id.loc.gov/authorities/names/n2022035366
Subject Application software -- Development -- Computer programs
Form Electronic book
Author Adams, Rom, author
Xi, Chen, author
ISBN 9781805127154
1805127152