Use case: Kubernetes Secret Visible to One Container in a Pod
We can improve the security of sensitive information within a pod by making it visible only to the one container that needs it. For example, consider a pod that runs a frontend and a backend application. The frontend container is responsible for user interaction and complex business logic, while the backend container handles message signing using a private key that is stored securely in Kubernetes Secrets. Because the Secret volume is mounted only in the signer container, the frontend container cannot view the private key or any other sensitive data in it. The following YAML illustrates this.
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: signing-secret
data:
  .private-key: cGFzc3dvcmQ=
---
apiVersion: v1
kind: Pod
metadata:
  name: secure-pod
spec:
  containers:
    - name: frontend-container
      image: myregistry.io/frontend-app
      # Configuration for frontend container...
    - name: signer-container
      image: myregistry.io/signer-app
      command:
        - ls
        - "-la"
        - "/etc/signing"
      volumeMounts:
        - name: signing-volume
          readOnly: true
          mountPath: "/etc/signing"
  volumes:
    - name: signing-volume
      secret:
        secretName: signing-secret
```
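To check that this isolation still holds on a deployed pod, the added example below (not part of the original article) reads the pod's JSON and lists which Secrets each container can reach through volume mounts or environment variables, then compares that against an allow-list. The function names and the allow-list format are assumptions made for illustration.

```python
import json

# Constructed sample: the Pod above in the JSON form returned by
# `kubectl get pod secure-pod -o json`, trimmed to the fields used here.
POD_JSON = """
{"metadata": {"name": "secure-pod"},
 "spec": {
  "containers": [
   {"name": "frontend-container", "image": "myregistry.io/frontend-app"},
   {"name": "signer-container", "image": "myregistry.io/signer-app",
    "volumeMounts": [{"name": "signing-volume", "readOnly": true,
                      "mountPath": "/etc/signing"}]}],
  "volumes": [{"name": "signing-volume",
               "secret": {"secretName": "signing-secret"}}]}}
"""

def secret_exposure(pod):
    """Map each container name to the set of Secret names it can read."""
    spec = pod["spec"]
    # Volume name -> Secret name, for volumes backed by a Secret.
    vol_secret = {v["name"]: v["secret"]["secretName"]
                  for v in spec.get("volumes", []) if "secret" in v}
    exposure = {}
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        seen = {vol_secret[m["name"]] for m in c.get("volumeMounts", [])
                if m["name"] in vol_secret}
        # Secrets can also reach a container through environment variables.
        for e in c.get("env", []):
            ref = e.get("valueFrom", {}).get("secretKeyRef")
            if ref:
                seen.add(ref["name"])
        for src in c.get("envFrom", []):
            if "secretRef" in src:
                seen.add(src["secretRef"]["name"])
        exposure[c["name"]] = seen
    return exposure

def violations(pod, allowed):
    """Return sorted (container, secret) pairs outside the allow-list."""
    return sorted((c, s) for c, secrets in secret_exposure(pod).items()
                  for s in secrets if s not in allowed.get(c, set()))

if __name__ == "__main__":
    pod = json.loads(POD_JSON)
    print(secret_exposure(pod))
    print(violations(pod, {"signer-container": {"signing-secret"}}))
```

Projected volumes that include a Secret source are not covered by this check.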
Kubernetes – Secrets
Kubernetes is an open-source container orchestration system mainly used for automated software deployment, management, and scaling. Kubernetes is also known as K8s. It was originally developed by Google but is now maintained by the Cloud Native Computing Foundation. It was originally designed to interface only with the Docker runtime, but it now also works with containerd and CRI-O. The main purpose of Kubernetes is to automate the operational tasks of container management. It includes built-in commands for deploying applications and rolling out required changes to them. It is currently used by companies such as Google, Spotify, and Capital One.
Table of Contents
- What Are Kubernetes Secrets?
- Uses of Kubernetes Secrets
- Using A Kubernetes Secret
- Use Case: Dotfiles in a Kubernetes Secret Volume
- Use case: Kubernetes Secret Visible to One Container in a Pod
- Types Of Kubernetes Secrets
- Ways To Create Kubernetes Secrets
- Creating Kubernetes Secrets Using Kubectl
- Create Kubernetes Secrets Using A Manifest File
- Create Kubernetes Secrets Using A Generator Like Kustomize
- Kubernetes Secrets vs Configmap
- Kubernetes Secrets Vs Vault
- How to Manage Kubernetes Secrets?
- How to Use Kubernetes Secrets as Files In Containers?
- Working With Kubernetes
- Alternatives to Kubernetes Secrets
- Kubernetes Secrets – FAQs