Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

Kubernetes secret introduction

1 691 vues

Publié le

Introduction how to use Kubernetes secret

Publié dans : Internet
  • Writing good research paper is quite easy and very difficult simultaneously. It depends on the individual skill set also. You can get help from research paper writing. Check out, please ⇒ www.WritePaper.info ⇐
       Répondre 
    Voulez-vous vraiment ?  Oui  Non
    Votre message apparaîtra ici
  • Soyez le premier à aimer ceci

Kubernetes secret introduction

  1. 1. Kubernetes Secret Evan Lin
  2. 2. Kubernetes Authentication and Authorization
  3. 3. Authorization - Access Control ● ABAC (Attribute-Based Access Control) ○ Specific every access control by attribute.
  4. 4. Authorization - Access Control ● RBAC (Role-Based Access Control) ○ Specific every access control by attribute.
  5. 5. Kubernetes Account Type User Account Service Acccount Identifier for User Process (run in Pod) Scope Global By namespace, process Config Simple Much Complex
  6. 6. How to create Service Account ● Service Account: ○ Combination of “SECRET”s. ● Create by command ○ kubectl create serviceaccount jenkins ● Create by yaml ○ apiVersion: v1 kind: ServiceAccount metadata: name: build-robot ○ kubectl create -f /tmp/serviceaccount.yaml serviceaccounts/build-robot
  7. 7. SECRET ● Object Storage: ○ OAuth token, SSH Keys. ● Use for: ○ Pod: ■ One pod can assign multiple secrets ○ Service Account: ■ One service account owns multiple secrets ○ Image Pull ■ A sec.ImagePullSecrets is a secret to login private docker registry. ● How to use it: ○ Use it from “Environment Variables” ○ Use it from “Secret Mount”
  8. 8. Secret: Prepare secret ● Secret File: (my_password_secret.yaml) apiVersion: v1 kind: Secret metadata: name: mysecret type: Opaque data: password: MWYyZDFlMmU2N2Rm //1f2d1e2e67df username: YWRtaW4= //admin ● How to use it: ○ Put it into system: ■ kubectl create -f ./secret.yaml
  9. 9. Secret: Use Case - Environment Variable ● Pod File: (pod_with_secret.yaml) ● How to use it: ○ Put it into system: ■ kubectl create -f ./pod_with_secret.yaml
  10. 10. Secret: Use Case - Security Volume ● Pod File: (secret_volumn.json) ● How to use it: ○ Put it into system: ■ kubectl create -f ./secret_volumn.json
  11. 11. Authenitication: httpd Refer to walkthrough: https://github.com/aledbf/contrib/blob/6d61ea81bb0bdbbc115cd6a6e9c59ef 653afb213/ingress/controllers/nginx/examples/auth/README.md
  12. 12. OAuth Server List ● Go: OpenID Connect Identity (OIDC) and OAuth 2.0 Provider with Pluggable Connectors ● Go: Auth Boss ● Go: OAuth2 ● Go: Docker registry oauth server ● Ruby: OAuth server with UI management system

×