
Kubernetes Daily Task Aug 9 2022


Geoff Burke

OK, let's move on to the next task.

 

Let's do something simple today that we will use at a later date. We will create a secret.

 


 

 

k get secrets

 

Secrets are used to store confidential information; otherwise you could use ConfigMaps. But they are only hashed, not encrypted, so you would need to use something more secure like HashiCorp Vault if you wanted more security.

Let's hack the secret to demonstrate this weakness:

 

k get secrets mysecret -oyaml

 

echo Qm9zc1NhbGFyeQ== | base64 -d

 

 

There it is in plain sight: BossSalary!

6 comments

JMeixner
  • On the path to Greatness
  • 2650 comments
  • August 9, 2022

Secrets are an interesting topic.

This does not seem to be very secure… A simple echo with the base64 option shows the secret in plain text.
Or what am I missing?


Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 8521 comments
  • August 9, 2022

Completed this task for today.  Really cool topic for sure. 👍🏼


Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 8521 comments
  • August 9, 2022

Just FYI @Geoff Burke - you spelled mysecret wrong in the first command - myscret so the third command does not work unless you change the spelling. 😋😉


Geoff Burke
  • Author
  • Veeam Legend, Veeam Vanguard
  • 1318 comments
  • August 9, 2022
Chris.Childerhose wrote:

Just FYI @Geoff Burke - you spelled mysecret wrong in the first command - myscret so the third command does not work unless you change the spelling. 😋😉

Just goes to show, never rush :) On the other hand, this does help understand stuff :). Joking aside, a very important thing for the exams: when you are rushing against the clock, one small typo can sink a lot of time in wasted troubleshooting, so it is good to spot these quickly :)


Geoff Burke
  • Author
  • Veeam Legend, Veeam Vanguard
  • 1318 comments
  • August 9, 2022
JMeixner wrote:

Secrets are an interesting topic.

This does not seem to be very secure… A simple echo with the base64 option shows the secret in plain text.
Or what am I missing?

Yes, for certain. Now, someone would need access to the API server, or an account with the right RBAC permissions, but still. You can, though, encrypt deeper; that is a topic on the CKS exam. Here is a good article on secrets and what can be done to secure them:

 

https://blog.aquasec.com/managing-kubernetes-secrets
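
The reply above says that reading a Secret takes API server access or an account with the right RBAC permissions. As an added example (not part of the thread), this Python check lists which roles can read Secret data; the input shape is assumed to match `kubectl get roles,clusterroles -A -o json`, and the role names in the sample are constructed.

```python
# "list" and "watch" return whole Secret objects, so they expose the
# base64 data exactly as "get" does; "*" covers every verb.
READ_VERBS = {"get", "list", "watch", "*"}

def rule_reads_secrets(rule):
    """True if a single RBAC rule lets its subject read Secret data."""
    groups = set(rule.get("apiGroups", []))
    resources = set(rule.get("resources", []))
    verbs = set(rule.get("verbs", []))
    core = bool(groups & {"", "*"})          # Secrets live in the core ("") API group
    secrets = bool(resources & {"secrets", "*"})
    return core and secrets and bool(verbs & READ_VERBS)

def roles_reading_secrets(role_list):
    """Map 'Kind/namespace/name' -> readable Secret names (['*'] means all)."""
    findings = {}
    for role in role_list.get("items", []):
        meta = role["metadata"]
        key = f'{role["kind"]}/{meta.get("namespace", "-")}/{meta["name"]}'
        for rule in role.get("rules") or []:  # aggregated roles may carry null rules
            if rule_reads_secrets(rule):
                names = rule.get("resourceNames") or ["*"]
                findings.setdefault(key, set()).update(names)
    # A wildcard grant makes any named grant on the same role irrelevant.
    return {k: ["*"] if "*" in v else sorted(v) for k, v in findings.items()}

# Constructed sample, shaped like `kubectl get roles,clusterroles -A -o json`.
SAMPLE = {"kind": "List", "items": [
    {"kind": "ClusterRole", "metadata": {"name": "ops-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "Role", "metadata": {"name": "app-reader", "namespace": "demo"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"],
                "resourceNames": ["mysecret"], "verbs": ["get"]}]},
    {"kind": "Role", "metadata": {"name": "secret-writer", "namespace": "demo"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["create"]}]},
    {"kind": "Role", "metadata": {"name": "pod-viewer", "namespace": "demo"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
]}

if __name__ == "__main__":
    for role, names in roles_reading_secrets(SAMPLE).items():
        print(f"{role}: can read {', '.join(names)}")
```

Any role this reports can recover the plaintext with the same `base64 -d` step shown in the original post, so these grants are the ones to review first.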


JMeixner
  • On the path to Greatness
  • 2650 comments
  • August 9, 2022
Geoff Burke wrote:
JMeixner wrote:

Secrets are an interesting topic.

This does not seem to be very secure… A simple echo with the base64 option shows the secret in plain text.
Or what am I missing?

Yes, for certain. Now, someone would need access to the API server, or an account with the right RBAC permissions, but still. You can, though, encrypt deeper; that is a topic on the CKS exam. Here is a good article on secrets and what can be done to secure them:

 

https://blog.aquasec.com/managing-kubernetes-secrets

Thanks 😎 Good article.

