Skip to content

Kubernetes

Fortify Your Kubernetes Clusters: Encrypting Secrets with Sealed-Secrets

Introduction

In today's cloud-native world, Kubernetes has become the de facto standard for container orchestration. Kubernetes secrets are essential for storing sensitive data like passwords, API keys, and database credentials for workloads running on Kubernetes clusters.

However, many teams encounter a common issue while interacting with Kubernetes secrets:

  • The inadvertent exposure of the sensitive secrets when stored in version control systems.
  • Kubernetes secrets are base64 encoded. Base64 encoding can be easily decoded, leading to significant security vulnerabilities, including unauthorized access and potential data breaches.

To address this issue, various solutions exist, but in this blog, we will focus on one: sealed-secrets.

We will walk through a practical example of how to use sealed-secrets to secure your Kubernetes secrets, ensuring they are both version-controlled and protected.

Choosing Your Kubernetes Guardian: Ingress Controllers, Envoy GatewayAPI, or Istio?

Introduction

In the ever-evolving landscape of cloud-native applications, effectively managing traffic within a Kubernetes cluster is essential for optimizing performance, enhancing security, and achieving scalability. Several popular solutions have emerged to address these challenges, including Envoy, Envoy GatewayAPI, Ingress Controllers, and Istio. However, users often face confusion when deciding which solution best suits their specific use cases. In this blog post, we will explore the differences and similarities assisting you in selecting the optimal tool based on your requirements.