Managing secrets is critical for running secure and professional Kubernetes clusters. Sensitive data like API keys, database passwords, and TLS certificates need to be handled with care. While Kubernetes offers its own Secret object, it is often better to delegate the actual storage and management of secrets to external, specialized systems like AWS Secrets Manager, […]
Secrets Store CSI Driver vs. External Secrets Operator Read More »
Falco is an open-source security tool for linux-based systems. Thanks to its plugin architecture, it can also be used to scan and monitor Kubernetes clusters. This article will cover some of the basics of Falco and show how it can be used to monitor AWS EKS clusters. Security Scan Basics There are two basic types
Secure EKS Clusters with Falco Read More »
If you manage several Kubernetes clusters across different AWS accounts, you know it can be challenging to manage Kubernetes secrets across all of those clusters. This article describes a method to store secrets values in AWS Secrets Manager in a single account and use those secrets in Kubernetes clusters running in different AWS accounts. Furthermore,
Centralized Secrets with ESO and AWS Secrets Manager Read More »
Why External Secrets Operator Whenever we talk about secrets in Kubernetes, we typically mean sensitive data that should be shared with applications. These are things like API keys, database credentials, certificates, tokens, etc. Kubernetes has a native Secret Object that can expose secrets to pods, however, there are some drawbacks with the built-in approach: To
Getting Started with External Secrets Operator Read More »
After upgrading our EKS Kubernetes clusters from 1.23 to 1.24, some pods went into crashloopbackoff, with the following curious error: I know some of you are thinking – Geez, everyone knows you are not supposed to use privileged ports as container ports ! But that’s not the point here. We run a cluster with shared
Trouble Binding Ports After Switching to Containerd? Read More »
