Skip to content

Competitor: Kubernetes

Kyle Kamperschroer edited this page Jan 26, 2016 · 3 revisions

What are they?

An abstraction layer and toolchain for deploying "pods" (the atomic unit for your service) which consist of containers. Includes a reconciliation (health manager) loop that attempts to take a step towards making the current state of the world into the desired state of the world.

Pods are built of containers that make no sense apart. For example, an nginx container and a git sync container for the static content used by nginx.

Secrets are fairly transparent, and dropped into pods at deploy time. To enable access to a secret in a pod you:

  1. Create a secret file for that one secret, giving it a name, some metadata, the actual data, etc.
  2. In the pod description file add the name of the secret as a requirement.
  3. Access the secrets from a mounted secrets directory in the pod.

Where does their secrets solution excel?

  • Integration with the rest of the Kubernetes infrastructure. You can define and register a secret.
  • Ease of use for access. Just reading a file.

Where does their secrets solution fall short?

  • No auditing
  • Bad code allowing remote code execution exposes the secrets
  • Rolling secrets requires full deployment

Clone this wiki locally