Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.

Kubernetes secret introduction

1.691 visualizaciones

Publicado el

Introduction how to use Kubernetes secret

Publicado en: Internet
  • Writing good research paper is quite easy and very difficult simultaneously. It depends on the individual skill set also. You can get help from research paper writing. Check out, please ⇒ www.WritePaper.info ⇐
       Responder 
    ¿Estás seguro?    No
    Tu mensaje aparecerá aquí
  • Sé el primero en recomendar esto

Kubernetes secret introduction

  1. 1. Kubernetes Secret Evan Lin
  2. 2. Kubernetes Authentication and Authorization
  3. 3. Authorization - Access Control ● ABAC (Attribute-Based Access Control) ○ Specific every access control by attribute.
  4. 4. Authorization - Access Control ● RBAC (Role-Based Access Control) ○ Specific every access control by attribute.
  5. 5. Kubernetes Account Type User Account Service Acccount Identifier for User Process (run in Pod) Scope Global By namespace, process Config Simple Much Complex
  6. 6. How to create Service Account ● Service Account: ○ Combination of “SECRET”s. ● Create by command ○ kubectl create serviceaccount jenkins ● Create by yaml ○ apiVersion: v1 kind: ServiceAccount metadata: name: build-robot ○ kubectl create -f /tmp/serviceaccount.yaml serviceaccounts/build-robot
  7. 7. SECRET ● Object Storage: ○ OAuth token, SSH Keys. ● Use for: ○ Pod: ■ One pod can assign multiple secrets ○ Service Account: ■ One service account owns multiple secrets ○ Image Pull ■ A sec.ImagePullSecrets is a secret to login private docker registry. ● How to use it: ○ Use it from “Environment Variables” ○ Use it from “Secret Mount”
  8. 8. Secret: Prepare secret ● Secret File: (my_password_secret.yaml) apiVersion: v1 kind: Secret metadata: name: mysecret type: Opaque data: password: MWYyZDFlMmU2N2Rm //1f2d1e2e67df username: YWRtaW4= //admin ● How to use it: ○ Put it into system: ■ kubectl create -f ./secret.yaml
  9. 9. Secret: Use Case - Environment Variable ● Pod File: (pod_with_secret.yaml) ● How to use it: ○ Put it into system: ■ kubectl create -f ./pod_with_secret.yaml
  10. 10. Secret: Use Case - Security Volume ● Pod File: (secret_volumn.json) ● How to use it: ○ Put it into system: ■ kubectl create -f ./secret_volumn.json
  11. 11. Authenitication: httpd Refer to walkthrough: https://github.com/aledbf/contrib/blob/6d61ea81bb0bdbbc115cd6a6e9c59ef 653afb213/ingress/controllers/nginx/examples/auth/README.md
  12. 12. OAuth Server List ● Go: OpenID Connect Identity (OIDC) and OAuth 2.0 Provider with Pluggable Connectors ● Go: Auth Boss ● Go: OAuth2 ● Go: Docker registry oauth server ● Ruby: OAuth server with UI management system

×