Sale!

Kubernetes Secrets Management (MEAP V06) 1 / all 8 chapters Edition by Alex Soto Bueno 9781638351771 1638351775

Name: Kubernetes Secrets Management (MEAP V06) 1 / all 8 chapters Edition by Alex Soto Bueno 9781638351771 1638351775
SKU: EB-47503166
Availability: InStock

Original price was: $50.00.Current price is: $25.00.

Kubernetes Secrets Management (MEAP V06) 1 / all 8 chapters Edition Alex Soto Bueno Digital Instant Download

Author(s): Alex Soto Bueno; Andrew Block

ISBN(s): 9781617298912, 1617298913

Edition: 1 / all 8 chapters

File Details: PDF, 7.97 MB

Year: 2023

Language: English

SKU: EB-47503166 Category: Computers - Programming Tags: 1638351775, 9781638351771, Alex Soto Bueno, Andrew Block, Kubernetes Secrets, Secrets Management

Description

Kubernetes Secrets Management (MEAP V06) 1 / all 8 chapters Edition Alex Soto Bueno – Ebook Instant Download/Delivery ISBN(s): 9781638351771, 1638351775

Product details:

ISBN 10:1638351775
ISBN 13: 9781638351771
Author: Alex Soto Bueno

Kubernetes Secrets Management

Safely manage your secret information like passwords, keys, and certificates in Kubernetes. This practical guide is full of best practices and methods for adding layers of security that will defend the critical data of your applications. In Kubernetes Secrets Management you will find: Strategies for storing secure assets in Kubernetes Cryptographic options and how to apply them in Kubernetes Using the HashiCorp Vault server on Kubernetes for secure secrets storage Managing security with public cloud providers Applying security concepts using tools from the Kubernetes ecosystem End-to-end secrets storage from development to operations Implementing in Kubernetes in CI/CD systems Secrets, like database passwords and API keys, are some of the most important data in your application. Kubernetes Secrets Management reveals how to store these sensitive assets in Kubernetes in a way that’s protected against leaks and hacks. You’ll learn the default capabilities of Kubernetes secrets, where they’re lacking, and alternative options to strengthen applications and infrastructure. Discover a security-first mindset that is vital for storing and using secrets correctly, and tools and concepts that will help you manage sensitive assets such as certificates, keys, and key rotation. About the technology Kubernetes relies on passwords, tokens, keys, certificates, and other sensitive information to keep your system secure. But how do you keep these “secrets” safe? In this concise, practical book you’ll learn secrets management techniques that go far beyond the Kubernetes defaults. About the book Kubernetes Secrets Management reveals security best practices and reliable third-party tools for protecting sensitive data in Kubernetes-based systems. In this focused guide, you’ll explore relevant, real-world examples like protecting secrets in a code repository, securing keys with HashiCorp Vault, and adding layers to maintain protection after a breach. Along the way, you’ll pick up secrets management techniques you can use outside Kubernetes, as well. What’s inside Cryptographic options you can apply in Kubernetes Managing security with public cloud providers Secrets storage, from development to production End-to-end Kubernetes secrets management in CI/CD systems About the reader For readers experienced with Kubernetes and CI/CD practices. About the author Alex Soto is a director of developer experience at Red Hat, a Java Champion since 2007, an international speaker, and a teacher at Salle URL University. Andrew Block is a distinguished architect with Red Hat, and an active member of the open-source community. Table of Contents PART 1 SECRETS AND KUBERNETES 1 Kubernetes Secrets 2 An introduction to Kubernetes and Secrets PART 2 MANAGING SECRETS 3 Securely storing Secrets 4 Encrypting data at rest 5 HashiCorp Vault and Kubernetes 6 Accessing cloud secrets stores PART 3 CONTINUOUS INTEGRATION AND CONTINUOUS DELIVERY 7 Kubernetes-native continuous integration and Secrets 8 Kubernetes-native continuous delivery and Secrets

Table contents:

Part 1. Secrets and Kubernetes
1 Kubernetes Secrets
1.1 A focus on security
1.2 Taking full advantage of the Kubernetes ecosystem
1.3 Not everything is a Secret
1.4 Bringing secrets management and Kubernetes together
1.5 Tools to get started
Summary
2 An introduction to Kubernetes and Secrets
2.1 Kubernetes architecture
2.1.1 What is a master Node?
2.1.2 What is a worker Node?
2.2 Deploying workloads in Kubernetes
2.2.1 Deploying a workload
2.2.2 Deployment objects
2.2.3 Volume
2.3 Managing application configuration
2.3.1 ConfigMaps
2.4 Using Kubernetes Secrets to store sensitive information
2.4.1 Secrets are encoded in Base64
2.4.2 Secrets are mounted in a temporary file system
2.4.3 Secrets can be encrypted at rest
2.4.4 Risks
Summary
Part 2. Managing Secrets
3 Securely storing Secrets
3.1 Storing Kubernetes manifests at rest
3.1.1 Capturing resources for declarative configuration
3.2 Tools for securely storing Kubernetes resources
3.2.1 Ansible Vault
3.3 Kubernetes Operators
3.3.1 Custom resource definitions (CRDs)
3.3.2 Sealed Secrets
3.4 Managing Secrets within Kubernetes package managers
3.4.1 Deploying the Greeting Demo Helm chart
3.4.2 Using Helm Secrets
3.5 Rotating secrets
3.5.1 Ansible Vault secret key rotation
3.5.2 Sealed Secrets key rotation
3.5.3 SOPS secret key rotation
Summary
4 Encrypting data at rest
4.1 Encrypting secrets in Kubernetes
4.1.1 Data at rest vs. data in motion
4.1.2 Plain secrets
4.1.3 Encrypting secrets
4.1.4 Creating the secret
4.2 Key management server
4.2.1 Kubernetes and KMS provider
4.2.2 Creating the secret
Summary
5 HashiCorp Vault and Kubernetes
5.1 Managing application secrets using HashiCorp Vault
5.1.1 Deploying Vault to Kubernetes
5.1.2 Deploying an application to access Vault
5.2 Kubernetes auth method
5.2.1 Configuring Kubernetes auth
5.2.2 Testing and validating Kubernetes auth
5.3 The Vault Agent Injector
5.3.1 Configurations to support Kubernetes Vault Agent injection
Summary
6 Accessing cloud secrets stores
6.1 The Container Storage Interface and Secrets Store CSI Driver
6.1.1 Container Storage Interface
6.1.2 Container Storage Interface and Kubernetes
6.1.3 CSI and secrets
6.1.4 Installing prerequisites
6.1.5 Installing the Secrets Store CSI Driver
6.1.6 Consuming HashiCorp Vault secrets via the Secrets Store CSI Driver and the HashiCorp Vault provider
6.2 Synchronizing CSI secrets as Kubernetes Secrets
6.2.1 Preparing the namespace
6.2.2 Defining a SecretProviderClass resource with secretObjects
6.3 Autorotating secrets to improve security posture
6.3.1 Preparing the namespace
6.3.2 Deploying the Pod with a secret mounted
6.3.3 Updating the secret
6.4 Consuming secrets from cloud secrets stores
6.4.1 Azure Key Vault
6.4.2 GCP Secret Manager
6.4.3 AWS Secrets Manager
Summary
Part 3. Continuous integration and continuous delivery
7 Kubernetes-native continuous integration and Secrets
7.1 Introduction to continuous integration
7.2 Tekton
7.2.1 Installing prerequisites
7.2.2 Installing Tekton
7.2.3 Tekton pipelines
7.3 Continuous integration for a welcome message
7.3.1 Compiling and Running tests
7.3.2 Building and Pushing the container image
7.3.3 The PipelineResource
7.3.4 Pipeline
7.3.5 PipelineRun
Summary
8 Kubernetes-native continuous delivery and Secrets
8.1 Introduction to continuous delivery and deployment
8.2 Continuous delivery for the welcome message
8.2.1 Deploying the Name Generator service
8.2.2 DevOps and GitOps
8.3 Argo CD
8.3.1 Installation of ArgoCD
8.3.2 Welcome service and GitOps
8.3.3 Creating a Welcome Message service from a Git repository
8.3.4 Updating the Welcome service