Photo

How Kubernetes stores encrypted data in etcd, and why KMS v2 matters

Maksim Nabokikh

from Palark GmbH (Ulm)

About speaker

I am a software engineer with more than ten years of experience. Since 2020, I’ve been an architect and tech lead of Deckhouse Kubernetes Platform, a certified Kubernetes distribution. Since 2021, I’ve also been a maintainer of Dex, a CNCF Sandbox project.

About speakers company

Palark is an all-in-one DevOps & SRE service provider based in Germany that helps organisations of all sizes build, deploy and operate software quickly, efficiently and securely. Our team is always on call to ensure that your production environment is running smoothly. We offer DevOps as a Service, so you can concentrate on business applications without worrying about infrastructure, operations, CI/CD and all related best practices.

Abstracts

specific

etcd is at the heart of the data Kubernetes stores for various needs, and encrypting it is natural for those who’d like to reduce the attack surface for Kubernetes-based workloads. This talk reveals how this encryption works, and why KMS (Key Management Service) v2 is the best approach we have today.

You’ll learn how KMS v1 initially encrypted data in etcd, which shortcomings it brought, and how KMS v2—released as stable in Kubernetes v1.29—solved them. Finally, I’ll demonstrate how you can create a simple plugin leveraging data encryption with KMS v2.

The talk was accepted to the conference program

other talks of this topic

Photo
Reduce Alert Fatigue with AIOps

Birol Yildiz

ilert GmbH

broad
Photo
How did I help save the lives of more than 1.5 million people in less than two years?

Grzegorz Sztandera

Commerzbank

broad
Photo
DevOps done right: RBAC

Daniel Drack

FullStackS GmbH

specific
Photo
Optimizing Observability Costs: Practical Tips and Tricks

Neel Shah

Middleware

broad
Photo
An Intro to Kubernetes Hardening

Ayesha Kaleem

MBition GmbH

broad
Photo
​​Fine-Tuning Large Language Models with Declarative ML Orchestration

Shivay Lamba

Couchbase

specific
Photo
The Essentiality Of SRE When Cloud Providers Fail: Outages, Mitigation, and Postmortems

Sayan Mondal

Harness

specific
Photo
Operational Excellence in Large-Scale Systems: Ensuring Performance and Stability in High-Load Env

Vamsi Krishna Rao

Salesforce

broad
Photo
Troubleshooting Microservice Architectures

Peter Zaitsev

Percona, Coroot

specific
Photo
CNCF sandbox project k8up under the hood

Aarno Aukia

VSHN - The DevOps Company

specific
Photo
DevOps for AI: running LLMs in production with Kubernetes and KubeFlow

Aarno Aukia

VSHN - The DevOps Company

specific
Photo
Internal Developer Platform and Kusion: Optimize the software development process

Hoang Dinh Nguyen

Viettel Group

specific
Photo
Multi-Layered Defence for Web Applications: Protecting Against DDoS Attacks and Beyond…

Edgar Mikayelyan

Qrator Labs

broad
Photo
Autonomous Agents and Their Role in Incident Management

Yoseph Reuveni

Not Affiliated

specific
Photo
Open Source Solutions: Evaluating OpenTelemetry Backend Options

Peter Zaitsev

Percona, Coroot

specific
Photo
Knowledge Discovery Efficiency: The FeedHenry Case Study

Benjamin Igna

Stellar Work GmbH

specific
Photo
The Chaos Engineering Maturity Model A Roadmap to Operational Resilience

Sayan Mondal

Harness

broad
Photo
Zero-instrumentation observability based on eBPF

Peter Zaitsev

Percona, Coroot

specific
Photo
AI as a Tool: Automating Operations Without Reinventing the Wheel

Maarten Raaijmakers

Raynmakers

broad
Photo
How do we deliver Agile Service Management?

Cristan Massey

Pearson Education

specific
Photo
CRaCing Java Snapshots

Pasha Finkelshteyn

BellSoft

specific
Photo
Actionable Observability

Lesley Cordero

The New York Times

broad
Photo
The Balancing Act of Reliability

Yusuf Aytas

Workday

broad
Photo
Empowering Developers: Building an Application Catalogue with Crossplane

Aarno Aukia

VSHN - The DevOps Company

specific
Photo
Securing K8s: back and forth to RBAC Enforce

Roman Levkin

Exness

specific
Photo
The ROI of AI: Making a Business Case for AI-Driven Automation

Maarten Raaijmakers

Raynmakers

broad
Photo
How to Build a Docker Engine-like Custom Container without Any Software

Gursimar Singh

DevOps Consultant

specific
Photo
Platform Engineering for a Greener Future

Pini Reznik

re:cinq

broad
Photo
How to Measure PromQL/MetricsQL Expression Complexity

Roman Khavronenko

VictoriaMetrics

specific
Photo
Guarding the ML Galaxy: Beyond Accuracy to Privacy and Security

Rishabh Misra

Attentive Mobile Inc

broad
Photo
Flags of Flexibility - Unlocking Rapid Iteration

Oussama Zaki

Miro

broad

Tech Internals Conf

is the largest conference for developers of complex
and highly loaded systems

Participation options

The price is soaring —> the closer the conference is, the more it costs.

The current price of a ticket is —> 410 EUR before March 1st

what I`ll get?

  • Participation in Q&A sessions
  • Videos and slides after the conference
  • Hearty coffee breaks and lunches
  • Access to the exhibition area
  • Afterparty with speakers and participants
for individuals for legal entities

Unlock up to 50%
off your ticket!

Enter your email to see your personalised discount — no commitment to purchase required

Changed your mind?

Please tell us why.

Thank you
for your reply!

Become partner

of the largest conference for developers of complex
and highly loaded systems