Integrating PAM360 with Kubernetes for Secrets Management
Kubernetes (K8s) - Kubernetes is an open-source platform that automates containerized application deployment, scaling, and management. Containers are a lightweight way to run applications, and Kubernetes manages them with ease by handling tasks like load balancing and rolling updates.

Kubernetes Secrets - Kubernetes secrets provide a secure way to store sensitive information within a Kubernetes cluster. It is a prominent feature of Kubernetes that ensures secured storage of secrets, such as passwords, tokens, SSL certificates, and keys, in the Kubernetes cluster. The infrastructure of Kubernetes enables the secure management of Kubernetes secrets, allowing users to manage the sensitive information required for their applications.

As a result of this integration, PAM360 now offers the capability to manage Kubernetes TLS secrets, including their rotation and updating based on expiry and necessity.

Note: The term TLS Secret mentioned in this document represents the SSL certificates stored in the Kubernetes cluster.

Refer to the sections that follow to learn more about Kubernetes integration with PAM360:
1. Benefits of Kubernetes Integration with PAM360 for Secrets Management
2. Configuring Kubernetes in PAM360

To begin the configuration process, you must first download the YAML file from the PAM360 interface. The YAML file is a configuration file that contains the necessary commands that must be applied to the Master node of the Kubernetes server. To download the YAML file, do the steps that follow:
Once you have downloaded the YAML file, move it to the server where Kubernetes is running. To do so:
Now, open the PAM360 console and do the steps that follow to add the Kubernetes clusters available in the Kubernetes server into PAM360:
3. Managing TLS Secrets via PAM360

Once you have added the Kubernetes credential into PAM360, you can perform four main operations with the added Kubernetes credential to manage the TLS secrets.

3.1 Fetch TLS Secrets from Kubernetes Credential

To fetch all the TLS secrets available in the Kubernetes credential into PAM360, follow the steps below:
3.2 Update TLS Secrets from PAM360

If you have an expired or about-to-expire TLS secret in a Kubernetes credential, you can update it using the available Update option in the Kubernetes window. To update a TLS secret, do the steps that follow:
Note: The update operation performed in the PAM360 repository will automatically update the TLS secret in the respective Kubernetes credential (cluster).

3.3 Delete TLS Secrets from PAM360

Select the respective TLS secrets and click Delete to remove them from the stored Kubernetes credential in PAM360. To add the TLS secrets back, you must follow the above steps. Please note that the Delete operation will remove the secret only from the PAM360 repository and not from the Kubernetes cluster. We recommend you delete the TLS secret manually in the Kubernetes cluster if required.

3.4 Sync TLS Secrets

In the event that a new set of secrets is introduced to the Kubernetes cluster, it is necessary to perform a manual fetch operation to maintain synchronization between the Kubernetes cluster and PAM360. This operation will retrieve all additional secrets that were added subsequent to the initial fetch operation in PAM360.

4. Limitations
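Relating to sections 3.3 and 3.4 above: because Delete removes a secret only from the PAM360 repository and new cluster secrets appear in PAM360 only after a manual fetch, the two sides can drift apart. The following is an added example, not part of PAM360 or its documentation, that compares the TLS-type secrets in `kubectl get secrets -A -o json` output with a list of secrets PAM360 tracks. The PAM360-side list format, the function names and the sample data are assumptions constructed for illustration.

```python
import json

TLS_TYPE = "kubernetes.io/tls"  # built-in Kubernetes Secret type for TLS cert/key pairs


def tls_secret_keys(secret_list_json):
    """Return {(namespace, name)} for each TLS-type Secret in kubectl's JSON list output."""
    items = json.loads(secret_list_json).get("items", [])
    return {
        (s["metadata"]["namespace"], s["metadata"]["name"])
        for s in items
        if s.get("type") == TLS_TYPE
    }


def drift(cluster_json, pam_inventory):
    """Compare the cluster's TLS secrets with the set PAM360 currently tracks.

    pam_inventory: iterable of (namespace, name) pairs. How this list is
    exported from PAM360 is an assumption of this example.
    """
    in_cluster = tls_secret_keys(cluster_json)
    tracked = set(pam_inventory)
    return {
        # Added to the cluster after the last fetch, or deleted from PAM360 only:
        # these exist in the cluster but are not managed until fetched again.
        "untracked_in_cluster": sorted(in_cluster - tracked),
        # Tracked by PAM360 but no longer present in the cluster.
        "missing_from_cluster": sorted(tracked - in_cluster),
    }


# Constructed sample shaped like `kubectl get secrets -A -o json` (data fields omitted).
SAMPLE_CLUSTER = json.dumps({"items": [
    {"type": "kubernetes.io/tls", "metadata": {"namespace": "web", "name": "shop-tls"}},
    {"type": "kubernetes.io/tls", "metadata": {"namespace": "web", "name": "old-tls"}},
    {"type": "Opaque", "metadata": {"namespace": "web", "name": "db-password"}},
    {"type": "kubernetes.io/tls", "metadata": {"namespace": "api", "name": "gateway-tls"}},
]})
# Constructed PAM360-side list: old-tls was deleted in PAM360 only, gateway-tls is new.
SAMPLE_PAM = [("web", "shop-tls"), ("api", "retired-tls")]

if __name__ == "__main__":
    for kind, keys in drift(SAMPLE_CLUSTER, SAMPLE_PAM).items():
        for ns, name in keys:
            print(f"{kind}: {ns}/{name}")
```

Entries under `untracked_in_cluster` are candidates for either a manual fetch or a manual deletion in the cluster, depending on whether the secret is still needed.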