DEVELOPMENT OF VERSIONING FEATURES ON KUBERNETES SECRETS

Bibliographic Details
Main Author: Nuriman, Allief
Format: Final Project
Language: Indonesia
Online Access: https://digilib.itb.ac.id/gdl/view/74105
Institution: Institut Teknologi Bandung
Description
Summary: In the era of cloud computing, Kubernetes has emerged as the leading platform for automating the deployment, scaling and management of containerized applications. An important component of Kubernetes is Secrets, objects that store sensitive data such as passwords, private keys and TLS certificates. However, managing these Secrets, particularly in terms of versioning, poses significant challenges. Versioning refers to the ability of Kubernetes Secrets to store multiple versions of Secret values, increasing the flexibility and security of the system. Several tools, including HashiCorp Vault and Google Secrets Manager, offer solutions for Secret Management in Kubernetes. These tools support versioning Secrets, enabling easy monitoring of changes. However, integrating these tools into Kubernetes and ensuring safe and efficient versioning of Secrets is a complex matter. Through STRIDE and CIA threat identification techniques, potential threats to versioning are identified and addressed. An additional Kubernetes resource and controller are implemented using Python, along with libraries such as kopf and kubernetes, to interact with the Kubernetes API. A CustomResourceDefinition (CRD) is also defined to manage the NewSecret object in Kubernetes. The results show that the Secrets Management system, coupled with the Kubernetes Secrets versioning feature, contributes to improving data security in Kubernetes.