This chapter covers
- Capturing Kubernetes manifests to store in version control systems
- Enabling secure secret storage at rest
- Using Kubernetes Operators to manage Kubernetes resources, including Secrets
- Incorporating security considerations into Kubernetes package managers
- Implementing key rotation to improve your security posture
Chapter 2 provided an overview of the key architectural components of a Kubernetes environment as well as the way workloads are deployed and methods for injecting configurations via ConfigMaps and Secrets. But once resources have been added to a Kubernetes cluster, how are they managed? What happens if they were inadvertently removed? It becomes increasingly important for them to be captured and stored for potential later use. However, when working with resources that may contain sensitive information, careful thought and considerations must be taken into account. This chapter introduces tools and approaches that can be used to store Kubernetes Secrets securely at rest and illustrates the benefits of declaratively defining Kubernetes resources.