From the course: Certified Kubernetes Security Specialist (CKS) Cert Prep
Understanding Kubernetes secrets - Kubernetes Tutorial
- Kubernetes secrets are something that we have used in other lessons. And why do we need them? What is the point of having secrets available within Kubernetes? Well, it comes down to having a mechanism to be able to protect sensitive data, and the ability to be able to store this confidential information within the etcd database is really what secrets are all about. Now, it does provide the ability to be able to do a decoupling as well, where the secret can be separated from the actual workload that uses it, which means that the ability for that particular workload, if it were to be compromised, the container, the code that's in it, it's not hard-coded, that information isn't hard-coded, like tokens or other things like that. So that decoupling is a crucial component because it allows for a lot of transportability as well as to be able to better protect those secrets. Now, secret usage within Kubernetes comes from the fact that, as we said before, it stores it in the etcd, which is…