K8s Pro Sentinel: Extend Secret Security in Kubernetes Cluster

TL;DR

K8s Pro Sentinel automates secret security configurations in Kubernetes, reducing human error and enhancing cluster security through an operator that manages encryption and access control.

Contribution

The paper introduces K8s Pro Sentinel, a novel operator that automates secret security setup in Kubernetes, improving security and reducing manual configuration errors.

Findings

Automates secret encryption and access control in Kubernetes.

Improves security by reducing human configuration errors.

Validated with Operator Scorecard and chaos engineering.

Abstract

Microservice architecture is widely adopted among distributed systems. It follows the modular approach that decomposes large software applications into independent services. Kubernetes has become the standard tool for managing these microservices. It stores sensitive information like database passwords, API keys, and access tokens as Secret Objects. There are security mechanisms employed to safeguard these confidential data, such as encryption, Role Based Access Control (RBAC), and the least privilege principle. However, manually configuring these measures is time-consuming, requires specialized knowledge, and is prone to human error, thereby increasing the risks of misconfiguration. This research introduces K8s Pro Sentinel, an operator that automates the configuration of encryption and access control for Secret Objects by extending the Kubernetes API server. This automation reduces human error and enhances security within clusters. The performance and reliability of the Sentinel operator were evaluated using Red Hat Operator Scorecard and chaos engineering practices.