Reputation: 51
How do I manage jenkins secret in kubernetes?
Hey I am new to kubernetes and playing around with jenkins deployment. I have deployed jenkins master pod through the deployment.yaml as well service and pvc.yaml.
I set the service as node port and but how do I secure and manage jenkins secret ? Do I need to create some sort of configmap for this ? I usually get jenkins secrets from kubectl logs . Any help or suggestion will be greatly appreciated to make this more secure :)
Upvotes: 3
Views: 4484
Answers (1)
Reputation: 4108
First let's clear some concepts and background:
Since you are new to kubernetes, I'll help you understand the scenario better and give you suggestions to achieve your goal.
A ConfigMap stores configuration data as key-value pairs. ConfigMap is similar to Secrets, but provides a means of working with strings that don’t contain sensitive information.
I'm posting the description of Configmap to help you understand that it's powerful to handle data but it's not applicable for storing sensitive information, hence will not be mentioned below.
Kubernetes Secrets lets you store and manage sensitive information, such as passwords, OAuth tokens, and ssh keys. Storing confidential information in a Secret is safer and more flexible than putting it verbatim in a Pod definition or in a container image.
Natively, Kubernetes uses secrets to handle objects that store sensitive data and it's authenticated by kubernetes-api, keeping it safe from external access unless it have a valid credential to cluster administration.
By default Jenkins stores the password in Secrets.
Deployment:
- This is the 101 guide to deploy Jenkins on Kubernetes
- It will show you the best way to extract the admin password extracting from the secret
- It will show you how to access Jenkins UI.
- The deployment is automated with Helm which is a powerful tool on Kubernetes.
Addressing your Questions:
how do I secure and manage jenkins secret?
- The Jenkins secret is secure by kubernetes credentials, only those who have access to the cluster can extract it, so it's relatively safe by default.
Any help or suggestion will be greatly appreciated to make this more secure
- After gaining some experience with Jenkins and Kubernetes and as your setup grows, you can start using several steps to enhance your overall security. Thus far we relied on the native security tools, but you can consider new approaches for distributed authentication. Here are some guides you can learn more:
If I can help you further let me know in the comments!
Upvotes: 2
Related Questions
- Kubernetes and settings.xml in jenkins-agents
- Unable to see Jenkins Credentials values
- Deploying a app to kubernetes through jenkins
- Create or edit Kubernetes secret from a job
- How do I set secrets in Jenkins Step
- Kubernetes jenkins - Permission denied
- How to use Helm Jenkins Values 'CredentialsXmlSecret'
- Kubernetes credentials for Jenkins
- Jenkins Kubernetes Plugin: How to specify private docker repo credentials via the UI?
- management of kubernetes secrets