Using Vault to Manage Secrets on Kubernetes

Course Code INNO-UVMSK
Duration 2 days
Available Formats Classroom

Kubernetes has built-in secrets support, but there is room for improvement. Kubernetes secrets are encoded using base64, which is an encoding, not encryption. Another limitation of Kubernetes secrets is that they can only be used inside of applications running on Kubernetes. Using Vault, we can address these concerns as well as introduce a myriad of new features. Vault is a single solution for secrets required inside Kubernetes or by applications running outside of the Kubernetes cluster. Attendees will learn how to deploy and integrate Vault with Kubernetes and set up a secure solution for secret management.

Skills Gained

Attendees will understand best practices for building secure infrastructure using code, storing that code in version control, automating testing and deployment using Terraform, and managing secrets with Vault.

Who Can Benefit

This class's audience is Developers, DevOps, Architects, Team Leads, Operations, and any other Engineering personnel interested in learning best practices for securing infrastructure and application code with Vault.

Prerequisites

Attendees should have a basic understanding of Linux and command-line experience.

Course Details

What you will learn:

Kubernetes: Containers at Scale

  • Story of Kubernetes
  • Kubernetes at Google

Architecture

  • Cluster Architecture
  • Master Components
  • Node Components
  • Cluster Deployment Options

Workload Introduction

  • Pods
  • Application Pattern Controllers
  • ReplicaSets
  • Services

Secrets

  • Overview
  • Manifest Syntax
  • Using Secret Values

Vault Introduction

  • Overview
  • Architecture
  • Comparison of tools
  • Core components
  • Fundamental concepts
  • Platforms

High Availability

  • Design
  • Backend storage
  • Best practices

Configuration

  • Token Authentication
  • Key Rotation
  • Replication (Enterprise version)
  • Limits and Maximums

Secret Engines

  • Static secrets
  • Cubbyhole secret engine
  • Dynamic secrets
  • Encryption
  • Authentication

Policies

  • Configuration
  • Authentication methods
  • Syntax
  • Constraints

Vault Agent

  • Overview
  • Auto-Auth
  • Methods
  • Caching

Kubernetes Integration

  • Installation
  • Operator
  • Best practices

Wrap-up

  • Review
  • Q&A
  • Next steps