Protect Your Kubernetes Data, Friends Dont Let Friends Leave their Kubernetes Data Unprotected
In recent headlines, there are increasing news about cloud resources getting hacked caused by attacks on Kubernetes clusters with unsecured etcd servers ending in massive amounts of password and keys …
| Talk Title | Protect Your Kubernetes Data, Friends Dont Let Friends Leave their Kubernetes Data Unprotected |
| Speakers | Rita Zhang (Principal Software Engineer, Microsoft) |
| Conference | Automotive Linux Summit & Open Source Summit Japan |
| Conf Tag | |
| Location | Tokyo, Japan |
| Date | Jun 19-22, 2018 |
| URL | Talk Page |
| Slides | Talk Slides |
| Video | |
In recent headlines, there are increasing news about cloud resources getting hacked caused by attacks on Kubernetes clusters with unsecured etcd servers ending in massive amounts of password and keys stolen. Failing to properly secure your Kubernetes data can result in cloud resources getting hacked and your application secrets getting stolen. The etcd database contains information that may grant an attacker significant visibility into the state of your cluster. This presentation focuses on how to use the encryption at rest feature to encrypt secret resources in etcd, preventing parties from gaining access to view the content in etcd and etcd backups. Starting from Kubernetes v1.10, we have added –experimental-encryption-provider-config that controls how API data is encrypted in etcd by KMS providers.
