How Kubernetes stores encrypted data in etcd, and why KMS v2 matters

Maksim Nabokikh

from Palark GmbH (Ulm)

About the speaker

I am a software engineer with more than ten years of experience. Since 2020, I’ve been an architect and tech lead of Deckhouse Kubernetes Platform, a certified Kubernetes distribution. Since 2021, I’ve also been a maintainer of Dex, a CNCF Sandbox project.

About the speaker's company

Palark is an all-in-one DevOps & SRE service provider based in Germany that helps organisations of all sizes build, deploy and operate software quickly, efficiently and securely. Our team is always on call to ensure that your production environment is running smoothly. We offer DevOps as a Service, so you can concentrate on business applications without worrying about infrastructure, operations, CI/CD and all related best practices.

Abstracts

specific

etcd is at the heart of the data Kubernetes stores for various needs, and encrypting it is natural for those who’d like to reduce the attack surface for Kubernetes-based workloads. This talk reveals how this encryption works, and why KMS (Key Management Service) v2 is the best approach we have today.

You’ll learn how KMS v1 initially encrypted data in etcd, which shortcomings it brought, and how KMS v2—released as stable in Kubernetes v1.29—solved them. Finally, I’ll demonstrate how you can create a simple plugin leveraging data encryption with KMS v2.

The Program Committee has not yet taken a decision on this talk
