Kubernetes Secrets Management by Alex Soto Bueno & Andrew Block

Author: Alex Soto Bueno & Andrew Block
Language: eng
Format: epub
Publisher: Simon & Schuster
Published: 2022-12-19T23:00:00+00:00


5.3 The Vault Agent Injector

The Kubernetes Auth Method simplified how applications deployed on Kubernetes can access values stored within Vault. One of the challenges presented by using either the token or Kubernetes auth methods, as described in section 5.2.1, is that the application needs to be Vault aware. In many cases, especially in legacy applications or those provided by third-party vendors, it may not be possible to modify the source code to configure this type of integration.

To overcome these challenges, several approaches emerged, using patterns in the Kubernetes ecosystem to address how values stored within Vault are made available to applications. Each leaned on a key characteristic of a Pod in Kubernetes, through which volumes could be shared between containers using an emptyDir volume type. A separate container could then be packaged within the Pod with the responsibility of facilitating the interaction with Vault and providing the secret values to the application through the shared volume.

Two patterns in Kubernetes were adopted to support this approach:

init container—A container, or set of containers, that executes before the application containers are started. In the context of Vault, assets are retrieved from Vault and placed in a shared volume that is pre-populated for the application to consume.
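
The init container pattern described above, sketched as a Pod manifest. This is an added example, not a listing from the book. The Pod and service account names, the Vault address, the `legacy-app` role, the KV path, and both image references are assumptions, as is the Vault certificate chaining to a CA the image already trusts.

```yaml
# Added illustration: every name, path, address and image tag below is an assumption.
apiVersion: v1
kind: Pod
metadata:
  name: legacy-app
spec:
  serviceAccountName: legacy-app      # identity presented to Vault's Kubernetes auth method
  securityContext:
    runAsNonRoot: true
    runAsUser: 1000                   # same UID in both containers, so a 0600 file stays readable
  volumes:
    - name: vault-secrets
      emptyDir:
        medium: Memory                # tmpfs: the secret is never written to the node's disk
  initContainers:
    - name: vault-fetch               # runs to completion before the app container starts
      image: hashicorp/vault:1.12     # assumed tag
      env:
        - name: VAULT_ADDR
          value: https://vault.vault.svc:8200   # assumed in-cluster address
      command: ["/bin/sh", "-ec"]     # -e: any failed step fails the init container
      args:
        - |
          umask 077
          # Exchange the service account JWT for a Vault token.
          VAULT_TOKEN=$(vault write -field=token auth/kubernetes/login \
            role=legacy-app \
            jwt=@/var/run/secrets/kubernetes.io/serviceaccount/token)
          export VAULT_TOKEN
          # Write only the needed field into the shared volume.
          vault kv get -field=password secret/legacy-app/db \
            > /vault/secrets/db-password
      volumeMounts:
        - name: vault-secrets
          mountPath: /vault/secrets
  containers:
    - name: app                       # unmodified application: it only reads a file
      image: registry.example.com/legacy-app:1.0
      volumeMounts:
        - name: vault-secrets
          mountPath: /vault/secrets
          readOnly: true              # the app can read the secret but not replace it
```

Because an init container runs only once, the file holds the secret as it was when the Pod started.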


