SlideShare a Scribd company logo
Kubernetes Secret
Evan Lin
Kubernetes Authentication and
Authorization
Authorization - Access Control
● ABAC (Attribute-Based Access Control)
○ Specific every access control by attribute.
Authorization - Access Control
● RBAC (Role-Based Access Control)
○ Specific every access control by attribute.
Kubernetes Account Type
User Account Service Acccount
Identifier for User Process (run in Pod)
Scope Global By namespace, process
Config Simple Much Complex
How to create Service Account
● Service Account:
○ Combination of “SECRET”s.
● Create by command
○ kubectl create serviceaccount jenkins
● Create by yaml
○ apiVersion: v1
kind: ServiceAccount
metadata:
name: build-robot
○ kubectl create -f /tmp/serviceaccount.yaml
serviceaccounts/build-robot
SECRET
● Object Storage:
○ OAuth token, SSH Keys.
● Use for:
○ Pod:
■ One pod can assign multiple secrets
○ Service Account:
■ One service account owns multiple secrets
○ Image Pull
■ A sec.ImagePullSecrets is a secret to login private docker registry.
● How to use it:
○ Use it from “Environment Variables”
○ Use it from “Secret Mount”
Secret: Prepare secret
● Secret File: (my_password_secret.yaml)
apiVersion: v1
kind: Secret
metadata:
name: mysecret
type: Opaque
data:
password: MWYyZDFlMmU2N2Rm //1f2d1e2e67df
username: YWRtaW4= //admin
● How to use it:
○ Put it into system:
■ kubectl create -f ./secret.yaml
Secret: Use Case - Environment Variable
● Pod File: (pod_with_secret.yaml)
● How to use it:
○ Put it into system:
■ kubectl create -f ./pod_with_secret.yaml
Secret: Use Case - Security Volume
● Pod File: (secret_volumn.json)
● How to use it:
○ Put it into system:
■ kubectl create -f ./secret_volumn.json
Authenitication: httpd
Refer to walkthrough:
https://github.com/aledbf/contrib/blob/6d61ea81bb0bdbbc115cd6a6e9c59ef
653afb213/ingress/controllers/nginx/examples/auth/README.md
OAuth Server List
● Go: OpenID Connect Identity (OIDC) and OAuth 2.0 Provider with
Pluggable Connectors
● Go: Auth Boss
● Go: OAuth2
● Go: Docker registry oauth server
● Ruby: OAuth server with UI management system

More Related Content

What's hot

Perl Tools for Productivity
Perl Tools for ProductivityPerl Tools for Productivity
Perl Tools for ProductivityTudor Constantin
 
Design Summit - Security Roadmap - Keenan Brock, Alberto Bellotti
Design Summit - Security Roadmap - Keenan Brock, Alberto BellottiDesign Summit - Security Roadmap - Keenan Brock, Alberto Bellotti
Design Summit - Security Roadmap - Keenan Brock, Alberto BellottiManageIQ
 
Azure functions: from a function to a whole application in 60 minutes
Azure functions: from a function to a whole application in 60 minutesAzure functions: from a function to a whole application in 60 minutes
Azure functions: from a function to a whole application in 60 minutesAlessandro Melchiori
 
Don't Fear the Platform
Don't Fear the PlatformDon't Fear the Platform
Don't Fear the PlatformESUG
 
casperjs presentation
 casperjs presentation casperjs presentation
casperjs presentationAnsviaLab
 
Local Lambda Debugging
Local Lambda DebuggingLocal Lambda Debugging
Local Lambda DebuggingMatt Billock
 
AWS ElasticBeanstalk and Docker
AWS ElasticBeanstalk and Docker AWS ElasticBeanstalk and Docker
AWS ElasticBeanstalk and Docker kloia
 
JS & NodeJS - An Introduction
JS & NodeJS - An IntroductionJS & NodeJS - An Introduction
JS & NodeJS - An IntroductionNirvanic Labs
 
Clojure web dev history
Clojure web dev historyClojure web dev history
Clojure web dev historyIkuru Kanuma
 
Dynamic management of kubernetes
Dynamic management of kubernetesDynamic management of kubernetes
Dynamic management of kubernetesMartin Podval
 

What's hot (10)

Perl Tools for Productivity
Perl Tools for ProductivityPerl Tools for Productivity
Perl Tools for Productivity
 
Design Summit - Security Roadmap - Keenan Brock, Alberto Bellotti
Design Summit - Security Roadmap - Keenan Brock, Alberto BellottiDesign Summit - Security Roadmap - Keenan Brock, Alberto Bellotti
Design Summit - Security Roadmap - Keenan Brock, Alberto Bellotti
 
Azure functions: from a function to a whole application in 60 minutes
Azure functions: from a function to a whole application in 60 minutesAzure functions: from a function to a whole application in 60 minutes
Azure functions: from a function to a whole application in 60 minutes
 
Don't Fear the Platform
Don't Fear the PlatformDon't Fear the Platform
Don't Fear the Platform
 
casperjs presentation
 casperjs presentation casperjs presentation
casperjs presentation
 
Local Lambda Debugging
Local Lambda DebuggingLocal Lambda Debugging
Local Lambda Debugging
 
AWS ElasticBeanstalk and Docker
AWS ElasticBeanstalk and Docker AWS ElasticBeanstalk and Docker
AWS ElasticBeanstalk and Docker
 
JS & NodeJS - An Introduction
JS & NodeJS - An IntroductionJS & NodeJS - An Introduction
JS & NodeJS - An Introduction
 
Clojure web dev history
Clojure web dev historyClojure web dev history
Clojure web dev history
 
Dynamic management of kubernetes
Dynamic management of kubernetesDynamic management of kubernetes
Dynamic management of kubernetes
 

Similar to Kubernetes secret introduction

Kubernetes Security Updates from Kubecon 2018 Seattle
Kubernetes Security Updates from Kubecon 2018 SeattleKubernetes Security Updates from Kubecon 2018 Seattle
Kubernetes Security Updates from Kubecon 2018 SeattleSuraj Deshmukh
 
Kubernetes #3 security
Kubernetes #3   securityKubernetes #3   security
Kubernetes #3 securityTerry Cho
 
[APIdays Paris 2019] From Microservices to APIs: The API operator in Kubernetes
[APIdays Paris 2019] From Microservices to APIs: The API operator in Kubernetes[APIdays Paris 2019] From Microservices to APIs: The API operator in Kubernetes
[APIdays Paris 2019] From Microservices to APIs: The API operator in KubernetesWSO2
 
Role based access control - RBAC - Kubernetes
Role based access control - RBAC - KubernetesRole based access control - RBAC - Kubernetes
Role based access control - RBAC - KubernetesMilan Das
 
Defcon 27 - Exploiting IAM in GCP
Defcon 27 - Exploiting IAM in GCPDefcon 27 - Exploiting IAM in GCP
Defcon 27 - Exploiting IAM in GCPNetskope
 
Exploiting IAM in GCP
Exploiting IAM in GCPExploiting IAM in GCP
Exploiting IAM in GCPColin Estep
 
Exploiting IAM in the google cloud platform - dani_goland_mohsan_farid
Exploiting IAM in the google cloud platform - dani_goland_mohsan_faridExploiting IAM in the google cloud platform - dani_goland_mohsan_farid
Exploiting IAM in the google cloud platform - dani_goland_mohsan_faridCloudVillage
 
Kubernetes with docker
Kubernetes with dockerKubernetes with docker
Kubernetes with dockerDocker, Inc.
 
Lamdba micro service using Amazon Api Gateway
Lamdba micro service using Amazon Api GatewayLamdba micro service using Amazon Api Gateway
Lamdba micro service using Amazon Api GatewayMike Becker
 
Extending kubernetes
Extending kubernetesExtending kubernetes
Extending kubernetesGigi Sayfan
 
Engineering Domain Team Bootstrap
Engineering Domain Team BootstrapEngineering Domain Team Bootstrap
Engineering Domain Team BootstrapGunnarHolwerda
 
Attacking and Defending Kubernetes - Nithin Jois
Attacking and Defending Kubernetes - Nithin JoisAttacking and Defending Kubernetes - Nithin Jois
Attacking and Defending Kubernetes - Nithin JoisOWASP Hacker Thursday
 
CactusCon 2019: Exploiting IAM in GCP
CactusCon 2019: Exploiting IAM in GCPCactusCon 2019: Exploiting IAM in GCP
CactusCon 2019: Exploiting IAM in GCPColin Estep
 
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security DevOpsDays Riga
 
How to Install and Configure your own Identity Manager GE
How to Install and Configure your own Identity Manager GEHow to Install and Configure your own Identity Manager GE
How to Install and Configure your own Identity Manager GEFederico Fernández Moreno
 
How to Install & Configure Your Own Identity Manager GE
How to Install & Configure Your Own Identity Manager GEHow to Install & Configure Your Own Identity Manager GE
How to Install & Configure Your Own Identity Manager GEFIWARE
 
在 LINE 私有雲中使用 Managed Kubernetes
在 LINE 私有雲中使用 Managed Kubernetes在 LINE 私有雲中使用 Managed Kubernetes
在 LINE 私有雲中使用 Managed KubernetesLINE Corporation
 

Similar to Kubernetes secret introduction (20)

Kubernetes Security Updates from Kubecon 2018 Seattle
Kubernetes Security Updates from Kubecon 2018 SeattleKubernetes Security Updates from Kubecon 2018 Seattle
Kubernetes Security Updates from Kubecon 2018 Seattle
 
Kubernetes #3 security
Kubernetes #3   securityKubernetes #3   security
Kubernetes #3 security
 
[APIdays Paris 2019] From Microservices to APIs: The API operator in Kubernetes
[APIdays Paris 2019] From Microservices to APIs: The API operator in Kubernetes[APIdays Paris 2019] From Microservices to APIs: The API operator in Kubernetes
[APIdays Paris 2019] From Microservices to APIs: The API operator in Kubernetes
 
Role based access control - RBAC - Kubernetes
Role based access control - RBAC - KubernetesRole based access control - RBAC - Kubernetes
Role based access control - RBAC - Kubernetes
 
Defcon 27 - Exploiting IAM in GCP
Defcon 27 - Exploiting IAM in GCPDefcon 27 - Exploiting IAM in GCP
Defcon 27 - Exploiting IAM in GCP
 
Exploiting IAM in GCP
Exploiting IAM in GCPExploiting IAM in GCP
Exploiting IAM in GCP
 
Exploiting IAM in the google cloud platform - dani_goland_mohsan_farid
Exploiting IAM in the google cloud platform - dani_goland_mohsan_faridExploiting IAM in the google cloud platform - dani_goland_mohsan_farid
Exploiting IAM in the google cloud platform - dani_goland_mohsan_farid
 
Kubernetes security with AWS
Kubernetes security with AWSKubernetes security with AWS
Kubernetes security with AWS
 
Kubernetes with docker
Kubernetes with dockerKubernetes with docker
Kubernetes with docker
 
Lamdba micro service using Amazon Api Gateway
Lamdba micro service using Amazon Api GatewayLamdba micro service using Amazon Api Gateway
Lamdba micro service using Amazon Api Gateway
 
Extending kubernetes
Extending kubernetesExtending kubernetes
Extending kubernetes
 
Engineering Domain Team Bootstrap
Engineering Domain Team BootstrapEngineering Domain Team Bootstrap
Engineering Domain Team Bootstrap
 
Kubernetes 101 for_penetration_testers_-_null_mumbai
Kubernetes 101 for_penetration_testers_-_null_mumbaiKubernetes 101 for_penetration_testers_-_null_mumbai
Kubernetes 101 for_penetration_testers_-_null_mumbai
 
K8s identity management
K8s identity managementK8s identity management
K8s identity management
 
Attacking and Defending Kubernetes - Nithin Jois
Attacking and Defending Kubernetes - Nithin JoisAttacking and Defending Kubernetes - Nithin Jois
Attacking and Defending Kubernetes - Nithin Jois
 
CactusCon 2019: Exploiting IAM in GCP
CactusCon 2019: Exploiting IAM in GCPCactusCon 2019: Exploiting IAM in GCP
CactusCon 2019: Exploiting IAM in GCP
 
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
 
How to Install and Configure your own Identity Manager GE
How to Install and Configure your own Identity Manager GEHow to Install and Configure your own Identity Manager GE
How to Install and Configure your own Identity Manager GE
 
How to Install & Configure Your Own Identity Manager GE
How to Install & Configure Your Own Identity Manager GEHow to Install & Configure Your Own Identity Manager GE
How to Install & Configure Your Own Identity Manager GE
 
在 LINE 私有雲中使用 Managed Kubernetes
在 LINE 私有雲中使用 Managed Kubernetes在 LINE 私有雲中使用 Managed Kubernetes
在 LINE 私有雲中使用 Managed Kubernetes
 

More from Evan Lin

好書分享: 一人公司 Company Of One
好書分享:  一人公司  Company Of One好書分享:  一人公司  Company Of One
好書分享: 一人公司 Company Of OneEvan Lin
 
How to master a programming language: a Golang example"
How to master a programming language: a Golang example"How to master a programming language: a Golang example"
How to master a programming language: a Golang example"Evan Lin
 
Golang taipei #45 10th birthday
Golang taipei #45 10th birthdayGolang taipei #45 10th birthday
Golang taipei #45 10th birthdayEvan Lin
 
How I become Go GDE
How I become Go GDEHow I become Go GDE
How I become Go GDEEvan Lin
 
iThome Modern Web 2018: 如何打造高效的機器學習平台
iThome Modern Web 2018: 如何打造高效的機器學習平台iThome Modern Web 2018: 如何打造高效的機器學習平台
iThome Modern Web 2018: 如何打造高效的機器學習平台Evan Lin
 
Consistent hashing algorithmic tradeoffs
Consistent hashing  algorithmic tradeoffsConsistent hashing  algorithmic tradeoffs
Consistent hashing algorithmic tradeoffsEvan Lin
 
GTG30: Introduction vgo
GTG30: Introduction vgoGTG30: Introduction vgo
GTG30: Introduction vgoEvan Lin
 
Kubernetes v.s. mesos
Kubernetes v.s. mesosKubernetes v.s. mesos
Kubernetes v.s. mesosEvan Lin
 
iTHome Gopher Day 2017: What can Golang do? (Using project 52 as examples)
iTHome Gopher Day 2017: What can Golang do?  (Using project 52 as examples)iTHome Gopher Day 2017: What can Golang do?  (Using project 52 as examples)
iTHome Gopher Day 2017: What can Golang do? (Using project 52 as examples)Evan Lin
 
iThome Cloud Summit: The next generation of data center: Machine Intelligent ...
iThome Cloud Summit: The next generation of data center: Machine Intelligent ...iThome Cloud Summit: The next generation of data center: Machine Intelligent ...
iThome Cloud Summit: The next generation of data center: Machine Intelligent ...Evan Lin
 
iThome Chatbot Day: 透過 Golang 無痛建置機器學習聊天機器人
iThome Chatbot Day: 透過 Golang 無痛建置機器學習聊天機器人iThome Chatbot Day: 透過 Golang 無痛建置機器學習聊天機器人
iThome Chatbot Day: 透過 Golang 無痛建置機器學習聊天機器人Evan Lin
 
Google APAC Machine Learning Expert Day
Google APAC Machine Learning Expert DayGoogle APAC Machine Learning Expert Day
Google APAC Machine Learning Expert DayEvan Lin
 
如何透過 Golang 與 Heroku 來一鍵部署 臉書機器人與 Line Bot
如何透過 Golang 與 Heroku 來一鍵部署 臉書機器人與 Line Bot如何透過 Golang 與 Heroku 來一鍵部署 臉書機器人與 Line Bot
如何透過 Golang 與 Heroku 來一鍵部署 臉書機器人與 Line BotEvan Lin
 
Use go channel to write a disk queue
Use go channel to write a disk queueUse go channel to write a disk queue
Use go channel to write a disk queueEvan Lin
 
Gopher Taiwan Gathering #16: Build a smart bot via Golang
Gopher Taiwan Gathering #16:  Build a smart bot via GolangGopher Taiwan Gathering #16:  Build a smart bot via Golang
Gopher Taiwan Gathering #16: Build a smart bot via GolangEvan Lin
 
Docker swarm introduction
Docker swarm introductionDocker swarm introduction
Docker swarm introductionEvan Lin
 
COSCUP 2016: Project 52 每週一個小專案來學習 Golang
COSCUP 2016: Project 52 每週一個小專案來學習 GolangCOSCUP 2016: Project 52 每週一個小專案來學習 Golang
COSCUP 2016: Project 52 每週一個小專案來學習 GolangEvan Lin
 
Modern Web 2016: Using Golang to build a smart IM Bot
Modern Web 2016: Using Golang to build a smart IM Bot Modern Web 2016: Using Golang to build a smart IM Bot
Modern Web 2016: Using Golang to build a smart IM Bot Evan Lin
 
Docker introduction in Hardware Company
Docker introduction in Hardware CompanyDocker introduction in Hardware Company
Docker introduction in Hardware CompanyEvan Lin
 
Host Line Bot with Golang
Host Line Bot with GolangHost Line Bot with Golang
Host Line Bot with GolangEvan Lin
 

More from Evan Lin (20)

好書分享: 一人公司 Company Of One
好書分享:  一人公司  Company Of One好書分享:  一人公司  Company Of One
好書分享: 一人公司 Company Of One
 
How to master a programming language: a Golang example"
How to master a programming language: a Golang example"How to master a programming language: a Golang example"
How to master a programming language: a Golang example"
 
Golang taipei #45 10th birthday
Golang taipei #45 10th birthdayGolang taipei #45 10th birthday
Golang taipei #45 10th birthday
 
How I become Go GDE
How I become Go GDEHow I become Go GDE
How I become Go GDE
 
iThome Modern Web 2018: 如何打造高效的機器學習平台
iThome Modern Web 2018: 如何打造高效的機器學習平台iThome Modern Web 2018: 如何打造高效的機器學習平台
iThome Modern Web 2018: 如何打造高效的機器學習平台
 
Consistent hashing algorithmic tradeoffs
Consistent hashing  algorithmic tradeoffsConsistent hashing  algorithmic tradeoffs
Consistent hashing algorithmic tradeoffs
 
GTG30: Introduction vgo
GTG30: Introduction vgoGTG30: Introduction vgo
GTG30: Introduction vgo
 
Kubernetes v.s. mesos
Kubernetes v.s. mesosKubernetes v.s. mesos
Kubernetes v.s. mesos
 
iTHome Gopher Day 2017: What can Golang do? (Using project 52 as examples)
iTHome Gopher Day 2017: What can Golang do?  (Using project 52 as examples)iTHome Gopher Day 2017: What can Golang do?  (Using project 52 as examples)
iTHome Gopher Day 2017: What can Golang do? (Using project 52 as examples)
 
iThome Cloud Summit: The next generation of data center: Machine Intelligent ...
iThome Cloud Summit: The next generation of data center: Machine Intelligent ...iThome Cloud Summit: The next generation of data center: Machine Intelligent ...
iThome Cloud Summit: The next generation of data center: Machine Intelligent ...
 
iThome Chatbot Day: 透過 Golang 無痛建置機器學習聊天機器人
iThome Chatbot Day: 透過 Golang 無痛建置機器學習聊天機器人iThome Chatbot Day: 透過 Golang 無痛建置機器學習聊天機器人
iThome Chatbot Day: 透過 Golang 無痛建置機器學習聊天機器人
 
Google APAC Machine Learning Expert Day
Google APAC Machine Learning Expert DayGoogle APAC Machine Learning Expert Day
Google APAC Machine Learning Expert Day
 
如何透過 Golang 與 Heroku 來一鍵部署 臉書機器人與 Line Bot
如何透過 Golang 與 Heroku 來一鍵部署 臉書機器人與 Line Bot如何透過 Golang 與 Heroku 來一鍵部署 臉書機器人與 Line Bot
如何透過 Golang 與 Heroku 來一鍵部署 臉書機器人與 Line Bot
 
Use go channel to write a disk queue
Use go channel to write a disk queueUse go channel to write a disk queue
Use go channel to write a disk queue
 
Gopher Taiwan Gathering #16: Build a smart bot via Golang
Gopher Taiwan Gathering #16:  Build a smart bot via GolangGopher Taiwan Gathering #16:  Build a smart bot via Golang
Gopher Taiwan Gathering #16: Build a smart bot via Golang
 
Docker swarm introduction
Docker swarm introductionDocker swarm introduction
Docker swarm introduction
 
COSCUP 2016: Project 52 每週一個小專案來學習 Golang
COSCUP 2016: Project 52 每週一個小專案來學習 GolangCOSCUP 2016: Project 52 每週一個小專案來學習 Golang
COSCUP 2016: Project 52 每週一個小專案來學習 Golang
 
Modern Web 2016: Using Golang to build a smart IM Bot
Modern Web 2016: Using Golang to build a smart IM Bot Modern Web 2016: Using Golang to build a smart IM Bot
Modern Web 2016: Using Golang to build a smart IM Bot
 
Docker introduction in Hardware Company
Docker introduction in Hardware CompanyDocker introduction in Hardware Company
Docker introduction in Hardware Company
 
Host Line Bot with Golang
Host Line Bot with GolangHost Line Bot with Golang
Host Line Bot with Golang
 

Recently uploaded

audience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkkaudience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkklolsDocherty
 
Thank You Luv I’ll Never Walk Alone Again T shirts
Thank You Luv I’ll Never Walk Alone Again T shirtsThank You Luv I’ll Never Walk Alone Again T shirts
Thank You Luv I’ll Never Walk Alone Again T shirtsrahman018755
 
Development Lifecycle.pptx for the secure development of apps
Development Lifecycle.pptx for the secure development of appsDevelopment Lifecycle.pptx for the secure development of apps
Development Lifecycle.pptx for the secure development of appscristianmanaila2
 
Topology of the Network class 8 .ppt pdf
Topology of the Network class 8 .ppt pdfTopology of the Network class 8 .ppt pdf
Topology of the Network class 8 .ppt pdfAnushkaTripathi61
 
Cyber Security Services Unveiled: Strategies to Secure Your Digital Presence
Cyber Security Services Unveiled: Strategies to Secure Your Digital PresenceCyber Security Services Unveiled: Strategies to Secure Your Digital Presence
Cyber Security Services Unveiled: Strategies to Secure Your Digital PresencePC Doctors NET
 
The Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case StudyThe Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case StudyDamar Juniarto
 
Pvtaan Social media marketing proposal.pdf
Pvtaan Social media marketing proposal.pdfPvtaan Social media marketing proposal.pdf
Pvtaan Social media marketing proposal.pdfPvtaan
 
Bug Bounty Blueprint : A Beginner's Guide
Bug Bounty Blueprint : A Beginner's GuideBug Bounty Blueprint : A Beginner's Guide
Bug Bounty Blueprint : A Beginner's GuideVarun Mithran
 
Production 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptxProduction 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptxChloeMeadows1
 
Statistical Analysis of DNS Latencies.pdf
Statistical Analysis of DNS Latencies.pdfStatistical Analysis of DNS Latencies.pdf
Statistical Analysis of DNS Latencies.pdfOndejSur
 
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWebiThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWebJie Liau
 
How Do I Begin the Linksys Velop Setup Process?
How Do I Begin the Linksys Velop Setup Process?How Do I Begin the Linksys Velop Setup Process?
How Do I Begin the Linksys Velop Setup Process?Linksys Velop Login
 
Article writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptxArticle writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptxabhinandnam9997
 
Premier Mobile App Development Agency in USA.pdf
Premier Mobile App Development Agency in USA.pdfPremier Mobile App Development Agency in USA.pdf
Premier Mobile App Development Agency in USA.pdfappinfoedgeca
 
Reggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirtsrahman018755
 
Case study on merger of Vodafone and Idea (VI).pptx
Case study on merger of Vodafone and Idea (VI).pptxCase study on merger of Vodafone and Idea (VI).pptx
Case study on merger of Vodafone and Idea (VI).pptxAnkitscribd
 

Recently uploaded (16)

audience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkkaudience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
 
Thank You Luv I’ll Never Walk Alone Again T shirts
Thank You Luv I’ll Never Walk Alone Again T shirtsThank You Luv I’ll Never Walk Alone Again T shirts
Thank You Luv I’ll Never Walk Alone Again T shirts
 
Development Lifecycle.pptx for the secure development of apps
Development Lifecycle.pptx for the secure development of appsDevelopment Lifecycle.pptx for the secure development of apps
Development Lifecycle.pptx for the secure development of apps
 
Topology of the Network class 8 .ppt pdf
Topology of the Network class 8 .ppt pdfTopology of the Network class 8 .ppt pdf
Topology of the Network class 8 .ppt pdf
 
Cyber Security Services Unveiled: Strategies to Secure Your Digital Presence
Cyber Security Services Unveiled: Strategies to Secure Your Digital PresenceCyber Security Services Unveiled: Strategies to Secure Your Digital Presence
Cyber Security Services Unveiled: Strategies to Secure Your Digital Presence
 
The Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case StudyThe Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case Study
 
Pvtaan Social media marketing proposal.pdf
Pvtaan Social media marketing proposal.pdfPvtaan Social media marketing proposal.pdf
Pvtaan Social media marketing proposal.pdf
 
Bug Bounty Blueprint : A Beginner's Guide
Bug Bounty Blueprint : A Beginner's GuideBug Bounty Blueprint : A Beginner's Guide
Bug Bounty Blueprint : A Beginner's Guide
 
Production 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptxProduction 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptx
 
Statistical Analysis of DNS Latencies.pdf
Statistical Analysis of DNS Latencies.pdfStatistical Analysis of DNS Latencies.pdf
Statistical Analysis of DNS Latencies.pdf
 
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWebiThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
 
How Do I Begin the Linksys Velop Setup Process?
How Do I Begin the Linksys Velop Setup Process?How Do I Begin the Linksys Velop Setup Process?
How Do I Begin the Linksys Velop Setup Process?
 
Article writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptxArticle writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptx
 
Premier Mobile App Development Agency in USA.pdf
Premier Mobile App Development Agency in USA.pdfPremier Mobile App Development Agency in USA.pdf
Premier Mobile App Development Agency in USA.pdf
 
Reggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirts
 
Case study on merger of Vodafone and Idea (VI).pptx
Case study on merger of Vodafone and Idea (VI).pptxCase study on merger of Vodafone and Idea (VI).pptx
Case study on merger of Vodafone and Idea (VI).pptx
 

Kubernetes secret introduction

  • 3. Authorization - Access Control ● ABAC (Attribute-Based Access Control) ○ Specific every access control by attribute.
  • 4. Authorization - Access Control ● RBAC (Role-Based Access Control) ○ Specific every access control by attribute.
  • 5. Kubernetes Account Type User Account Service Acccount Identifier for User Process (run in Pod) Scope Global By namespace, process Config Simple Much Complex
  • 6. How to create Service Account ● Service Account: ○ Combination of “SECRET”s. ● Create by command ○ kubectl create serviceaccount jenkins ● Create by yaml ○ apiVersion: v1 kind: ServiceAccount metadata: name: build-robot ○ kubectl create -f /tmp/serviceaccount.yaml serviceaccounts/build-robot
  • 7. SECRET ● Object Storage: ○ OAuth token, SSH Keys. ● Use for: ○ Pod: ■ One pod can assign multiple secrets ○ Service Account: ■ One service account owns multiple secrets ○ Image Pull ■ A sec.ImagePullSecrets is a secret to login private docker registry. ● How to use it: ○ Use it from “Environment Variables” ○ Use it from “Secret Mount”
  • 8. Secret: Prepare secret ● Secret File: (my_password_secret.yaml) apiVersion: v1 kind: Secret metadata: name: mysecret type: Opaque data: password: MWYyZDFlMmU2N2Rm //1f2d1e2e67df username: YWRtaW4= //admin ● How to use it: ○ Put it into system: ■ kubectl create -f ./secret.yaml
  • 9. Secret: Use Case - Environment Variable ● Pod File: (pod_with_secret.yaml) ● How to use it: ○ Put it into system: ■ kubectl create -f ./pod_with_secret.yaml
  • 10. Secret: Use Case - Security Volume ● Pod File: (secret_volumn.json) ● How to use it: ○ Put it into system: ■ kubectl create -f ./secret_volumn.json
  • 11. Authenitication: httpd Refer to walkthrough: https://github.com/aledbf/contrib/blob/6d61ea81bb0bdbbc115cd6a6e9c59ef 653afb213/ingress/controllers/nginx/examples/auth/README.md
  • 12. OAuth Server List ● Go: OpenID Connect Identity (OIDC) and OAuth 2.0 Provider with Pluggable Connectors ● Go: Auth Boss ● Go: OAuth2 ● Go: Docker registry oauth server ● Ruby: OAuth server with UI management system