SlideShare ist ein Scribd-Unternehmen logo

Kubernetes secret introduction

Als PPTX, PDF herunterladen
Evan Lin
Evan Lin

Introduction how to use Kubernetes secret

Internet
1 von 12
Kubernetes Secret Evan Lin
Kubernetes Authentication and Authorization
Authorization - Access Control ● ABAC (Attribute-Based Access Control) ○ Specific every access control by attribute.
Authorization - Access Control ● RBAC (Role-Based Access Control) ○ Specific every access control by attribute.
Kubernetes Account Type User Account Service Acccount Identifier for User Process (run in Pod) Scope Global By namespace, process Config Simple Much Complex
How to create Service Account ● Service Account: ○ Combination of “SECRET”s. ● Create by command ○ kubectl create serviceaccount jenkins ● Create by yaml ○ apiVersion: v1 kind: ServiceAccount metadata: name: build-robot ○ kubectl create -f /tmp/serviceaccount.yaml serviceaccounts/build-robot
SECRET ● Object Storage: ○ OAuth token, SSH Keys. ● Use for: ○ Pod: ■ One pod can assign multiple secrets ○ Service Account: ■ One service account owns multiple secrets ○ Image Pull ■ A sec.ImagePullSecrets is a secret to login private docker registry. ● How to use it: ○ Use it from “Environment Variables” ○ Use it from “Secret Mount”
Secret: Prepare secret ● Secret File: (my_password_secret.yaml) apiVersion: v1 kind: Secret metadata: name: mysecret type: Opaque data: password: MWYyZDFlMmU2N2Rm //1f2d1e2e67df username: YWRtaW4= //admin ● How to use it: ○ Put it into system: ■ kubectl create -f ./secret.yaml
Secret: Use Case - Environment Variable ● Pod File: (pod_with_secret.yaml) ● How to use it: ○ Put it into system: ■ kubectl create -f ./pod_with_secret.yaml
Secret: Use Case - Security Volume ● Pod File: (secret_volumn.json) ● How to use it: ○ Put it into system: ■ kubectl create -f ./secret_volumn.json
Authenitication: httpd Refer to walkthrough: https://github.com/aledbf/contrib/blob/6d61ea81bb0bdbbc115cd6a6e9c59ef 653afb213/ingress/controllers/nginx/examples/auth/README.md
OAuth Server List ● Go: OpenID Connect Identity (OIDC) and OAuth 2.0 Provider with Pluggable Connectors ● Go: Auth Boss ● Go: OAuth2 ● Go: Docker registry oauth server ● Ruby: OAuth server with UI management system

Empfohlen

GraniteDS 360|Flex DC
GraniteDS 360|Flex DCGraniteDS 360|Flex DC
GraniteDS 360|Flex DCwdrai
 
Web3j 2.0 Update
Web3j 2.0 UpdateWeb3j 2.0 Update
Web3j 2.0 UpdateConor Svensson
 
Building Java and Android apps on the blockchain
Building Java and Android apps on the blockchain Building Java and Android apps on the blockchain
Building Java and Android apps on the blockchain Conor Svensson
 
What cloud changes the developer
What cloud changes the developerWhat cloud changes the developer
What cloud changes the developerSimon Su
 
Universal JS Applications with React
Universal JS Applications with ReactUniversal JS Applications with React
Universal JS Applications with ReactThanh Trần Trọng
 
Building mobile apps with Realm for React Native
Building mobile apps with Realm for React NativeBuilding mobile apps with Realm for React Native
Building mobile apps with Realm for React NativeKenneth Geisshirt
 
Web App Prototypes with Google App Engine
Web App Prototypes with Google App EngineWeb App Prototypes with Google App Engine
Web App Prototypes with Google App EngineVlad Filippov
 
Ускоряем загрузку картинок вебсокетами
Ускоряем загрузку картинок вебсокетамиУскоряем загрузку картинок вебсокетами
Ускоряем загрузку картинок вебсокетами2ГИС Технологии
 

Empfohlen

GraniteDS 360|Flex DC
GraniteDS 360|Flex DCGraniteDS 360|Flex DC
GraniteDS 360|Flex DCwdrai
 
Web3j 2.0 Update
Web3j 2.0 UpdateWeb3j 2.0 Update
Web3j 2.0 UpdateConor Svensson
 
Building Java and Android apps on the blockchain
Building Java and Android apps on the blockchain Building Java and Android apps on the blockchain
Building Java and Android apps on the blockchain Conor Svensson
 
What cloud changes the developer
What cloud changes the developerWhat cloud changes the developer
What cloud changes the developerSimon Su
 
Universal JS Applications with React
Universal JS Applications with ReactUniversal JS Applications with React
Universal JS Applications with ReactThanh Trần Trọng
 
Building mobile apps with Realm for React Native
Building mobile apps with Realm for React NativeBuilding mobile apps with Realm for React Native
Building mobile apps with Realm for React NativeKenneth Geisshirt
 
Web App Prototypes with Google App Engine
Web App Prototypes with Google App EngineWeb App Prototypes with Google App Engine
Web App Prototypes with Google App EngineVlad Filippov
 
Ускоряем загрузку картинок вебсокетами
Ускоряем загрузку картинок вебсокетамиУскоряем загрузку картинок вебсокетами
Ускоряем загрузку картинок вебсокетами2ГИС Технологии
 
Perl Tools for Productivity
Perl Tools for ProductivityPerl Tools for Productivity
Perl Tools for ProductivityTudor Constantin
 
Design Summit - Security Roadmap - Keenan Brock, Alberto Bellotti
Design Summit - Security Roadmap - Keenan Brock, Alberto BellottiDesign Summit - Security Roadmap - Keenan Brock, Alberto Bellotti
Design Summit - Security Roadmap - Keenan Brock, Alberto BellottiManageIQ
 
Azure functions: from a function to a whole application in 60 minutes
Azure functions: from a function to a whole application in 60 minutesAzure functions: from a function to a whole application in 60 minutes
Azure functions: from a function to a whole application in 60 minutesAlessandro Melchiori
 
Don't Fear the Platform
Don't Fear the PlatformDon't Fear the Platform
Don't Fear the PlatformESUG
 
casperjs presentation
casperjs presentation casperjs presentation
casperjs presentationAnsviaLab
 
Local Lambda Debugging
Local Lambda DebuggingLocal Lambda Debugging
Local Lambda DebuggingMatt Billock
 
AWS ElasticBeanstalk and Docker
AWS ElasticBeanstalk and Docker AWS ElasticBeanstalk and Docker
AWS ElasticBeanstalk and Docker kloia
 
JS & NodeJS - An Introduction
JS & NodeJS - An IntroductionJS & NodeJS - An Introduction
JS & NodeJS - An IntroductionNirvanic Labs
 
Clojure web dev history
Clojure web dev historyClojure web dev history
Clojure web dev historyIkuru Kanuma
 
Dynamic management of kubernetes
Dynamic management of kubernetesDynamic management of kubernetes
Dynamic management of kubernetesMartin Podval
 
Kubernetes Security Updates from Kubecon 2018 Seattle
Kubernetes Security Updates from Kubecon 2018 SeattleKubernetes Security Updates from Kubecon 2018 Seattle
Kubernetes Security Updates from Kubecon 2018 SeattleSuraj Deshmukh
 
Kubernetes #3 security
Kubernetes #3 securityKubernetes #3 security
Kubernetes #3 securityTerry Cho
 
[APIdays Paris 2019] From Microservices to APIs: The API operator in Kubernetes
[APIdays Paris 2019] From Microservices to APIs: The API operator in Kubernetes[APIdays Paris 2019] From Microservices to APIs: The API operator in Kubernetes
[APIdays Paris 2019] From Microservices to APIs: The API operator in KubernetesWSO2
 
Role based access control - RBAC - Kubernetes
Role based access control - RBAC - KubernetesRole based access control - RBAC - Kubernetes
Role based access control - RBAC - KubernetesMilan Das
 
Defcon 27 - Exploiting IAM in GCP
Defcon 27 - Exploiting IAM in GCPDefcon 27 - Exploiting IAM in GCP
Defcon 27 - Exploiting IAM in GCPNetskope
 
Exploiting IAM in GCP
Exploiting IAM in GCPExploiting IAM in GCP
Exploiting IAM in GCPColin Estep
 
Exploiting IAM in the google cloud platform - dani_goland_mohsan_farid
Exploiting IAM in the google cloud platform - dani_goland_mohsan_faridExploiting IAM in the google cloud platform - dani_goland_mohsan_farid
Exploiting IAM in the google cloud platform - dani_goland_mohsan_faridCloudVillage
 
Kubernetes security with AWS
Kubernetes security with AWSKubernetes security with AWS
Kubernetes security with AWSKasun Madura Rathnayaka
 
Kubernetes with docker
Kubernetes with dockerKubernetes with docker
Kubernetes with dockerDocker, Inc.
 
Lamdba micro service using Amazon Api Gateway
Lamdba micro service using Amazon Api GatewayLamdba micro service using Amazon Api Gateway
Lamdba micro service using Amazon Api GatewayMike Becker
 
Extending kubernetes
Extending kubernetesExtending kubernetes
Extending kubernetesGigi Sayfan
 
Engineering Domain Team Bootstrap
Engineering Domain Team BootstrapEngineering Domain Team Bootstrap
Engineering Domain Team BootstrapGunnarHolwerda
 

Weitere ähnliche Inhalte

Was ist angesagt?

Perl Tools for Productivity
Perl Tools for ProductivityPerl Tools for Productivity
Perl Tools for ProductivityTudor Constantin
 
Design Summit - Security Roadmap - Keenan Brock, Alberto Bellotti
Design Summit - Security Roadmap - Keenan Brock, Alberto BellottiDesign Summit - Security Roadmap - Keenan Brock, Alberto Bellotti
Design Summit - Security Roadmap - Keenan Brock, Alberto BellottiManageIQ
 
Azure functions: from a function to a whole application in 60 minutes
Azure functions: from a function to a whole application in 60 minutesAzure functions: from a function to a whole application in 60 minutes
Azure functions: from a function to a whole application in 60 minutesAlessandro Melchiori
 
Don't Fear the Platform
Don't Fear the PlatformDon't Fear the Platform
Don't Fear the PlatformESUG
 
casperjs presentation
casperjs presentation casperjs presentation
casperjs presentationAnsviaLab
 
Local Lambda Debugging
Local Lambda DebuggingLocal Lambda Debugging
Local Lambda DebuggingMatt Billock
 
AWS ElasticBeanstalk and Docker
AWS ElasticBeanstalk and Docker AWS ElasticBeanstalk and Docker
AWS ElasticBeanstalk and Docker kloia
 
JS & NodeJS - An Introduction
JS & NodeJS - An IntroductionJS & NodeJS - An Introduction
JS & NodeJS - An IntroductionNirvanic Labs
 
Clojure web dev history
Clojure web dev historyClojure web dev history
Clojure web dev historyIkuru Kanuma
 
Dynamic management of kubernetes
Dynamic management of kubernetesDynamic management of kubernetes
Dynamic management of kubernetesMartin Podval
 

Was ist angesagt? (10)

Perl Tools for Productivity
Perl Tools for ProductivityPerl Tools for Productivity
Perl Tools for Productivity
 
Design Summit - Security Roadmap - Keenan Brock, Alberto Bellotti
Design Summit - Security Roadmap - Keenan Brock, Alberto BellottiDesign Summit - Security Roadmap - Keenan Brock, Alberto Bellotti
Design Summit - Security Roadmap - Keenan Brock, Alberto Bellotti
 
Azure functions: from a function to a whole application in 60 minutes
Azure functions: from a function to a whole application in 60 minutesAzure functions: from a function to a whole application in 60 minutes
Azure functions: from a function to a whole application in 60 minutes
 
Don't Fear the Platform
Don't Fear the PlatformDon't Fear the Platform
Don't Fear the Platform
 
casperjs presentation
casperjs presentation casperjs presentation
casperjs presentation
 
Local Lambda Debugging
Local Lambda DebuggingLocal Lambda Debugging
Local Lambda Debugging
 
AWS ElasticBeanstalk and Docker
AWS ElasticBeanstalk and Docker AWS ElasticBeanstalk and Docker
AWS ElasticBeanstalk and Docker
 
JS & NodeJS - An Introduction
JS & NodeJS - An IntroductionJS & NodeJS - An Introduction
JS & NodeJS - An Introduction
 
Clojure web dev history
Clojure web dev historyClojure web dev history
Clojure web dev history
 
Dynamic management of kubernetes
Dynamic management of kubernetesDynamic management of kubernetes
Dynamic management of kubernetes
 

Ähnlich wie Kubernetes secret introduction

Kubernetes Security Updates from Kubecon 2018 Seattle
Kubernetes Security Updates from Kubecon 2018 SeattleKubernetes Security Updates from Kubecon 2018 Seattle
Kubernetes Security Updates from Kubecon 2018 SeattleSuraj Deshmukh
 
Kubernetes #3 security
Kubernetes #3 securityKubernetes #3 security
Kubernetes #3 securityTerry Cho
 
[APIdays Paris 2019] From Microservices to APIs: The API operator in Kubernetes
[APIdays Paris 2019] From Microservices to APIs: The API operator in Kubernetes[APIdays Paris 2019] From Microservices to APIs: The API operator in Kubernetes
[APIdays Paris 2019] From Microservices to APIs: The API operator in KubernetesWSO2
 
Role based access control - RBAC - Kubernetes
Role based access control - RBAC - KubernetesRole based access control - RBAC - Kubernetes
Role based access control - RBAC - KubernetesMilan Das
 
Defcon 27 - Exploiting IAM in GCP
Defcon 27 - Exploiting IAM in GCPDefcon 27 - Exploiting IAM in GCP
Defcon 27 - Exploiting IAM in GCPNetskope
 
Exploiting IAM in GCP
Exploiting IAM in GCPExploiting IAM in GCP
Exploiting IAM in GCPColin Estep
 
Exploiting IAM in the google cloud platform - dani_goland_mohsan_farid
Exploiting IAM in the google cloud platform - dani_goland_mohsan_faridExploiting IAM in the google cloud platform - dani_goland_mohsan_farid
Exploiting IAM in the google cloud platform - dani_goland_mohsan_faridCloudVillage
 
Kubernetes with docker
Kubernetes with dockerKubernetes with docker
Kubernetes with dockerDocker, Inc.
 
Lamdba micro service using Amazon Api Gateway
Lamdba micro service using Amazon Api GatewayLamdba micro service using Amazon Api Gateway
Lamdba micro service using Amazon Api GatewayMike Becker
 
Extending kubernetes
Extending kubernetesExtending kubernetes
Extending kubernetesGigi Sayfan
 
Engineering Domain Team Bootstrap
Engineering Domain Team BootstrapEngineering Domain Team Bootstrap
Engineering Domain Team BootstrapGunnarHolwerda
 
Attacking and Defending Kubernetes - Nithin Jois
Attacking and Defending Kubernetes - Nithin JoisAttacking and Defending Kubernetes - Nithin Jois
Attacking and Defending Kubernetes - Nithin JoisOWASP Hacker Thursday
 
CactusCon 2019: Exploiting IAM in GCP
CactusCon 2019: Exploiting IAM in GCPCactusCon 2019: Exploiting IAM in GCP
CactusCon 2019: Exploiting IAM in GCPColin Estep
 
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security DevOpsDays Riga
 
How to Install and Configure your own Identity Manager GE
How to Install and Configure your own Identity Manager GEHow to Install and Configure your own Identity Manager GE
How to Install and Configure your own Identity Manager GEFederico Fernández Moreno
 
How to Install & Configure Your Own Identity Manager GE
How to Install & Configure Your Own Identity Manager GEHow to Install & Configure Your Own Identity Manager GE
How to Install & Configure Your Own Identity Manager GEFIWARE
 
在 LINE 私有雲中使用 Managed Kubernetes
在 LINE 私有雲中使用 Managed Kubernetes在 LINE 私有雲中使用 Managed Kubernetes
在 LINE 私有雲中使用 Managed KubernetesLINE Corporation
 

Ähnlich wie Kubernetes secret introduction (20)

Kubernetes Security Updates from Kubecon 2018 Seattle
Kubernetes Security Updates from Kubecon 2018 SeattleKubernetes Security Updates from Kubecon 2018 Seattle
Kubernetes Security Updates from Kubecon 2018 Seattle
 
Kubernetes #3 security
Kubernetes #3 securityKubernetes #3 security
Kubernetes #3 security
 
[APIdays Paris 2019] From Microservices to APIs: The API operator in Kubernetes
[APIdays Paris 2019] From Microservices to APIs: The API operator in Kubernetes[APIdays Paris 2019] From Microservices to APIs: The API operator in Kubernetes
[APIdays Paris 2019] From Microservices to APIs: The API operator in Kubernetes
 
Role based access control - RBAC - Kubernetes
Role based access control - RBAC - KubernetesRole based access control - RBAC - Kubernetes
Role based access control - RBAC - Kubernetes
 
Defcon 27 - Exploiting IAM in GCP
Defcon 27 - Exploiting IAM in GCPDefcon 27 - Exploiting IAM in GCP
Defcon 27 - Exploiting IAM in GCP
 
Exploiting IAM in GCP
Exploiting IAM in GCPExploiting IAM in GCP
Exploiting IAM in GCP
 
Exploiting IAM in the google cloud platform - dani_goland_mohsan_farid
Exploiting IAM in the google cloud platform - dani_goland_mohsan_faridExploiting IAM in the google cloud platform - dani_goland_mohsan_farid
Exploiting IAM in the google cloud platform - dani_goland_mohsan_farid
 
Kubernetes security with AWS
Kubernetes security with AWSKubernetes security with AWS
Kubernetes security with AWS
 
Kubernetes with docker
Kubernetes with dockerKubernetes with docker
Kubernetes with docker
 
Lamdba micro service using Amazon Api Gateway
Lamdba micro service using Amazon Api GatewayLamdba micro service using Amazon Api Gateway
Lamdba micro service using Amazon Api Gateway
 
Extending kubernetes
Extending kubernetesExtending kubernetes
Extending kubernetes
 
Engineering Domain Team Bootstrap
Engineering Domain Team BootstrapEngineering Domain Team Bootstrap
Engineering Domain Team Bootstrap
 
Kubernetes 101 for_penetration_testers_-_null_mumbai
Kubernetes 101 for_penetration_testers_-_null_mumbaiKubernetes 101 for_penetration_testers_-_null_mumbai
Kubernetes 101 for_penetration_testers_-_null_mumbai
 
K8s identity management
K8s identity managementK8s identity management
K8s identity management
 
Attacking and Defending Kubernetes - Nithin Jois
Attacking and Defending Kubernetes - Nithin JoisAttacking and Defending Kubernetes - Nithin Jois
Attacking and Defending Kubernetes - Nithin Jois
 
CactusCon 2019: Exploiting IAM in GCP
CactusCon 2019: Exploiting IAM in GCPCactusCon 2019: Exploiting IAM in GCP
CactusCon 2019: Exploiting IAM in GCP
 
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
 
How to Install and Configure your own Identity Manager GE
How to Install and Configure your own Identity Manager GEHow to Install and Configure your own Identity Manager GE
How to Install and Configure your own Identity Manager GE
 
How to Install & Configure Your Own Identity Manager GE
How to Install & Configure Your Own Identity Manager GEHow to Install & Configure Your Own Identity Manager GE
How to Install & Configure Your Own Identity Manager GE
 
在 LINE 私有雲中使用 Managed Kubernetes
在 LINE 私有雲中使用 Managed Kubernetes在 LINE 私有雲中使用 Managed Kubernetes
在 LINE 私有雲中使用 Managed Kubernetes
 

Mehr von Evan Lin

好書分享: 一人公司 Company Of One
好書分享: 一人公司 Company Of One好書分享: 一人公司 Company Of One
好書分享: 一人公司 Company Of OneEvan Lin
 
How to master a programming language: a Golang example"
How to master a programming language: a Golang example"How to master a programming language: a Golang example"
How to master a programming language: a Golang example"Evan Lin
 
Golang taipei #45 10th birthday
Golang taipei #45 10th birthdayGolang taipei #45 10th birthday
Golang taipei #45 10th birthdayEvan Lin
 
How I become Go GDE
How I become Go GDEHow I become Go GDE
How I become Go GDEEvan Lin
 
iThome Modern Web 2018: 如何打造高效的機器學習平台
iThome Modern Web 2018: 如何打造高效的機器學習平台iThome Modern Web 2018: 如何打造高效的機器學習平台
iThome Modern Web 2018: 如何打造高效的機器學習平台Evan Lin
 
Consistent hashing algorithmic tradeoffs
Consistent hashing algorithmic tradeoffsConsistent hashing algorithmic tradeoffs
Consistent hashing algorithmic tradeoffsEvan Lin
 
GTG30: Introduction vgo
GTG30: Introduction vgoGTG30: Introduction vgo
GTG30: Introduction vgoEvan Lin
 
Kubernetes v.s. mesos
Kubernetes v.s. mesosKubernetes v.s. mesos
Kubernetes v.s. mesosEvan Lin
 
iTHome Gopher Day 2017: What can Golang do? (Using project 52 as examples)
iTHome Gopher Day 2017: What can Golang do? (Using project 52 as examples)iTHome Gopher Day 2017: What can Golang do? (Using project 52 as examples)
iTHome Gopher Day 2017: What can Golang do? (Using project 52 as examples)Evan Lin
 
iThome Cloud Summit: The next generation of data center: Machine Intelligent ...
iThome Cloud Summit: The next generation of data center: Machine Intelligent ...iThome Cloud Summit: The next generation of data center: Machine Intelligent ...
iThome Cloud Summit: The next generation of data center: Machine Intelligent ...Evan Lin
 
iThome Chatbot Day: 透過 Golang 無痛建置機器學習聊天機器人
iThome Chatbot Day: 透過 Golang 無痛建置機器學習聊天機器人iThome Chatbot Day: 透過 Golang 無痛建置機器學習聊天機器人
iThome Chatbot Day: 透過 Golang 無痛建置機器學習聊天機器人Evan Lin
 
Google APAC Machine Learning Expert Day
Google APAC Machine Learning Expert DayGoogle APAC Machine Learning Expert Day
Google APAC Machine Learning Expert DayEvan Lin
 
如何透過 Golang 與 Heroku 來一鍵部署 臉書機器人與 Line Bot
如何透過 Golang 與 Heroku 來一鍵部署 臉書機器人與 Line Bot如何透過 Golang 與 Heroku 來一鍵部署 臉書機器人與 Line Bot
如何透過 Golang 與 Heroku 來一鍵部署 臉書機器人與 Line BotEvan Lin
 
Use go channel to write a disk queue
Use go channel to write a disk queueUse go channel to write a disk queue
Use go channel to write a disk queueEvan Lin
 
Gopher Taiwan Gathering #16: Build a smart bot via Golang
Gopher Taiwan Gathering #16: Build a smart bot via GolangGopher Taiwan Gathering #16: Build a smart bot via Golang
Gopher Taiwan Gathering #16: Build a smart bot via GolangEvan Lin
 
Docker swarm introduction
Docker swarm introductionDocker swarm introduction
Docker swarm introductionEvan Lin
 
COSCUP 2016: Project 52 每週一個小專案來學習 Golang
COSCUP 2016: Project 52 每週一個小專案來學習 GolangCOSCUP 2016: Project 52 每週一個小專案來學習 Golang
COSCUP 2016: Project 52 每週一個小專案來學習 GolangEvan Lin
 
Modern Web 2016: Using Golang to build a smart IM Bot
Modern Web 2016: Using Golang to build a smart IM Bot Modern Web 2016: Using Golang to build a smart IM Bot
Modern Web 2016: Using Golang to build a smart IM Bot Evan Lin
 
Docker introduction in Hardware Company
Docker introduction in Hardware CompanyDocker introduction in Hardware Company
Docker introduction in Hardware CompanyEvan Lin
 
Host Line Bot with Golang
Host Line Bot with GolangHost Line Bot with Golang
Host Line Bot with GolangEvan Lin
 

Mehr von Evan Lin (20)

好書分享: 一人公司 Company Of One
好書分享: 一人公司 Company Of One好書分享: 一人公司 Company Of One
好書分享: 一人公司 Company Of One
 
How to master a programming language: a Golang example"
How to master a programming language: a Golang example"How to master a programming language: a Golang example"
How to master a programming language: a Golang example"
 
Golang taipei #45 10th birthday
Golang taipei #45 10th birthdayGolang taipei #45 10th birthday
Golang taipei #45 10th birthday
 
How I become Go GDE
How I become Go GDEHow I become Go GDE
How I become Go GDE
 
iThome Modern Web 2018: 如何打造高效的機器學習平台
iThome Modern Web 2018: 如何打造高效的機器學習平台iThome Modern Web 2018: 如何打造高效的機器學習平台
iThome Modern Web 2018: 如何打造高效的機器學習平台
 
Consistent hashing algorithmic tradeoffs
Consistent hashing algorithmic tradeoffsConsistent hashing algorithmic tradeoffs
Consistent hashing algorithmic tradeoffs
 
GTG30: Introduction vgo
GTG30: Introduction vgoGTG30: Introduction vgo
GTG30: Introduction vgo
 
Kubernetes v.s. mesos
Kubernetes v.s. mesosKubernetes v.s. mesos
Kubernetes v.s. mesos
 
iTHome Gopher Day 2017: What can Golang do? (Using project 52 as examples)
iTHome Gopher Day 2017: What can Golang do? (Using project 52 as examples)iTHome Gopher Day 2017: What can Golang do? (Using project 52 as examples)
iTHome Gopher Day 2017: What can Golang do? (Using project 52 as examples)
 
iThome Cloud Summit: The next generation of data center: Machine Intelligent ...
iThome Cloud Summit: The next generation of data center: Machine Intelligent ...iThome Cloud Summit: The next generation of data center: Machine Intelligent ...
iThome Cloud Summit: The next generation of data center: Machine Intelligent ...
 
iThome Chatbot Day: 透過 Golang 無痛建置機器學習聊天機器人
iThome Chatbot Day: 透過 Golang 無痛建置機器學習聊天機器人iThome Chatbot Day: 透過 Golang 無痛建置機器學習聊天機器人
iThome Chatbot Day: 透過 Golang 無痛建置機器學習聊天機器人
 
Google APAC Machine Learning Expert Day
Google APAC Machine Learning Expert DayGoogle APAC Machine Learning Expert Day
Google APAC Machine Learning Expert Day
 
如何透過 Golang 與 Heroku 來一鍵部署 臉書機器人與 Line Bot
如何透過 Golang 與 Heroku 來一鍵部署 臉書機器人與 Line Bot如何透過 Golang 與 Heroku 來一鍵部署 臉書機器人與 Line Bot
如何透過 Golang 與 Heroku 來一鍵部署 臉書機器人與 Line Bot
 
Use go channel to write a disk queue
Use go channel to write a disk queueUse go channel to write a disk queue
Use go channel to write a disk queue
 
Gopher Taiwan Gathering #16: Build a smart bot via Golang
Gopher Taiwan Gathering #16: Build a smart bot via GolangGopher Taiwan Gathering #16: Build a smart bot via Golang
Gopher Taiwan Gathering #16: Build a smart bot via Golang
 
Docker swarm introduction
Docker swarm introductionDocker swarm introduction
Docker swarm introduction
 
COSCUP 2016: Project 52 每週一個小專案來學習 Golang
COSCUP 2016: Project 52 每週一個小專案來學習 GolangCOSCUP 2016: Project 52 每週一個小專案來學習 Golang
COSCUP 2016: Project 52 每週一個小專案來學習 Golang
 
Modern Web 2016: Using Golang to build a smart IM Bot
Modern Web 2016: Using Golang to build a smart IM Bot Modern Web 2016: Using Golang to build a smart IM Bot
Modern Web 2016: Using Golang to build a smart IM Bot
 
Docker introduction in Hardware Company
Docker introduction in Hardware CompanyDocker introduction in Hardware Company
Docker introduction in Hardware Company
 
Host Line Bot with Golang
Host Line Bot with GolangHost Line Bot with Golang
Host Line Bot with Golang
 

Kürzlich hochgeladen

Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoilmeghakumariji156
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...gajnagarg
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdfMatthew Sinclair
 
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...meghakumariji156
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdfMatthew Sinclair
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"growthgrids
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge GraphsEleniIlkou
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfJOHNBEBONYAP1
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrHenryBriggs2
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasDigicorns Technologies
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Roommeghakumariji156
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理F
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样ayvbos
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制pxcywzqs
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样ayvbos
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查ydyuyu
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsMonica Sydney
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsPriya Reddy
 

Kürzlich hochgeladen (20)

Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency Dallas
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girls
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
 

Kubernetes secret introduction

  • 3. Authorization - Access Control ● ABAC (Attribute-Based Access Control) ○ Specific every access control by attribute.
  • 4. Authorization - Access Control ● RBAC (Role-Based Access Control) ○ Specific every access control by attribute.
  • 5. Kubernetes Account Type User Account Service Acccount Identifier for User Process (run in Pod) Scope Global By namespace, process Config Simple Much Complex
  • 6. How to create Service Account ● Service Account: ○ Combination of “SECRET”s. ● Create by command ○ kubectl create serviceaccount jenkins ● Create by yaml ○ apiVersion: v1 kind: ServiceAccount metadata: name: build-robot ○ kubectl create -f /tmp/serviceaccount.yaml serviceaccounts/build-robot
  • 7. SECRET ● Object Storage: ○ OAuth token, SSH Keys. ● Use for: ○ Pod: ■ One pod can assign multiple secrets ○ Service Account: ■ One service account owns multiple secrets ○ Image Pull ■ A sec.ImagePullSecrets is a secret to login private docker registry. ● How to use it: ○ Use it from “Environment Variables” ○ Use it from “Secret Mount”
  • 8. Secret: Prepare secret ● Secret File: (my_password_secret.yaml) apiVersion: v1 kind: Secret metadata: name: mysecret type: Opaque data: password: MWYyZDFlMmU2N2Rm //1f2d1e2e67df username: YWRtaW4= //admin ● How to use it: ○ Put it into system: ■ kubectl create -f ./secret.yaml
  • 9. Secret: Use Case - Environment Variable ● Pod File: (pod_with_secret.yaml) ● How to use it: ○ Put it into system: ■ kubectl create -f ./pod_with_secret.yaml
  • 10. Secret: Use Case - Security Volume ● Pod File: (secret_volumn.json) ● How to use it: ○ Put it into system: ■ kubectl create -f ./secret_volumn.json
  • 11. Authenitication: httpd Refer to walkthrough: https://github.com/aledbf/contrib/blob/6d61ea81bb0bdbbc115cd6a6e9c59ef 653afb213/ingress/controllers/nginx/examples/auth/README.md
  • 12. OAuth Server List ● Go: OpenID Connect Identity (OIDC) and OAuth 2.0 Provider with Pluggable Connectors ● Go: Auth Boss ● Go: OAuth2 ● Go: Docker registry oauth server ● Ruby: OAuth server with UI management system