Putting an Invisible Shield on Kubernetes Secrets

## Putting an Invisible Shield on Kubernetes Secrets
Kailun Qin, Ant Group

## Agenda
• K8s Secrets: Overview
• TEE-based K8s Secrets Protection: Solution
• Production Experience @ Ant Group
• Demo
• Summary & Plan

K8s Secrets: Overview

## Background: K8s Secrets
• What they are?
• Sensitive information
• Passwords
• OAuth tokens
• ssh keys etc.
• Stored in etcd
• distributed Key-Value

## Background: K8s Secrets
## Local Encryption Provider
• Encryption Keys stored on API Server
• Secrets encrypted prior

0 credits | 33 pages | 20.81 MB | 2 years ago

Key management | Key

Turtles all the way down - Securely managing Kubernetes Secrets

## Turtles all the way down: securely managing Kubernetes secrets with secrets
Alexandr Tcherniakhovski, Google Cloud
Maya Kaczorowski, Google Cloud
Nov 14 2018

## Auditing
Verify the use of individual secrets

## Encryption

0 credits | 52 pages | 2.84 MB | 1 year ago

Secrets Management at Scale with Vault & Rancher

24. June
# Secrets Management at Scale with Vault & Rancher
Bastian Hofman
Senior Field Engineer
SUSE
bastian.hofmann@suse

managing many? How do we address: Networking, Security, Scheduling, Automation, etc?

## kubernetes
## Why Kubernetes?
Common compute platform across any infrastructure
## Common compute platform across
## Kubernetes architecture

0 credits | 36 pages | 1.19 MB | 2 years ago

Secrets of C++ Scripting Bindings

## Secrets of C++ Scripting Bindings: Bridging Compile Time and Run Time
## JASON TURNER
## Secrets of Scripting Bindings for C++
## Jason Turner
C++ Weekly
• Weekly videos since March, 2016
• 112k+

enhancements and TODO items. https://gist.github.com/lefticus/5d94357725413dce5005b0b1b7f77836

0 credits | 177 pages | 1.65 MB | 1 year ago

ClickHouse on Kubernetes

support for ClickHouse deployments
• Software (Kubernetes, cluster manager, tools & utilities)
• POCs/Training

## What is Kubernetes?
## “Kubernetes is the new Linux”
Actually it’s an open-source

ClickHouse on Kubernetes?
Other applications are already there
Easier to manage than deployment on hosts
Bring up data warehouses quickly
Portability

## Is it easy to run ClickHouse on Kubernetes?
## NOT REALLY
## Challenges running ClickHouse on Kubernetes?
1. Provisioning
2. Persistence
3. Networking
4. Transparency

ALTINITY CLICKHOUSE OPERATOR for Kubernetes
## The ClickHouse operator turns complex

0 credits | 34 pages | 5.06 MB | 2 years ago

ClickHouse on Kubernetes

## Altinity
## ClickHouse on Kubernetes!
Alexander Zaitsev, Altinity
Limassol, May 7th 2019

## Altinity Background
• Premier provider of software and services for ClickHouse
• Incorporated in UK with

Offerings:
• 24x7 support for ClickHouse deployments
• Software (Kubernetes, cluster manager, tools & utilities)
• POCs/Training

## “Kubernetes is the new Linux”
Actually it’s an open-source platform to:

## Why run ClickHouse on Kubernetes?
1. Other applications are already there
2. Portability
3. Bring up data warehouses quickly

0 credits | 29 pages | 3.87 MB | 2 years ago

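Introduction to Kubernetes

# Introduction to Kubernetes
### 1.1 What is Kubernetes?
What is Kubernetes? First, it is a brand-new distributed architecture solution based on container technology. Although the solution is still very new, it is an important result of the experience Google has accumulated and evolved over more than ten years of applying container technology at scale. More precisely, Kubernetes is the open-source version of Borg, a secret weapon that Google kept strictly confidential for more than a decade. Borg is an internal Google design, so outsiders had no way to learn about it. Only in April 2015, when the long-rumored Borg paper was published by Google for the first time alongside the publicity for the Kubernetes release, did people get to learn more of the inside story. Precisely because it stands on the shoulders of its predecessor Borg and absorbed the experience and lessons of Borg's previous ten years, Kubernetes made a splash as soon as it was open-sourced and quickly swept the container technology field.

Figure 1.3 Kubernetes deployment architecture diagram

#### 1.3.1 Creating the redis-master Pod and Service
We can define the Service first and then define an RC to create and control the corresponding Pods, or define the RC first to create the Pods and then define the Service associated with them. Both approaches give the same end result; here we use the latter.

0 credits | 12 pages | 2.00 MB | 2 years ago
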
Automating the Management of ClickHouse Clusters in Kubernetes

## Automating the Management of ClickHouse Clusters in Kubernetes
Vladislav Klimenko and Valery Panov
HighLoad Siberia 2019
Professional conference for developers of high-load systems

THE

ClickHouse in Kubernetes?
• All system components are already in k8s.
• Maximum unification of management.
• Data warehouses need to be built quickly.
• Maximum portability is needed.

## ClickHouse in Kubernetes is ClickHouse + Kubernetes
## ClickHouse in Kubernetes? What are we going to do?

ALTINITY CLICKHOUSE OPERATOR for Kubernetes
HighLoad

0 credits | 44 pages | 2.24 MB | 2 years ago

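Serverless Kubernetes - KubeCon

## Serverless Kubernetes: Container in Cloud Native Way
Alibaba Cloud Container Service team, Zhang Wei
KUBECON CHINA 2018

## Application deployment evolution: Going native with cloud
## Serverless Computing
Azure Container Instances

## Challenge: securing applications in Kubernetes environments
Kubernetes is open-source software for deploying and managing these containers. Using Kubernetes makes it possible to deliver, deploy and manage containerized

modular components improve efficiency, optimize resource utilization and reduce licensing fees to save costs. However, various risks remain:
• Privileged user abuse: by default, Docker runs with root privileges, and administrators have full access to all tenant secrets. This unconstrained level of access creates multiple risks. If administrators have unrestricted access to container images and the data stored in them, the enterprise may be exposed to attacks targeting the privileged level.
• Cross-container access: improper permission configuration may cause multiple containers

## Solution: CipherTrust Transparent Encryption for Kubernetes
CipherTrust Transparent Encryption for Kubernetes provides in-container capabilities for encryption, access control and data access logging, enabling enterprises to establish solid protection for data in Kubernetes environments. Through CipherTrust Transparent Encryption

0 credits | 2 pages | 459.23 KB | 2 years ago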