K8s Pro Sentinel: Extend Secret Security in Kubernetes Cluster

Microservice architecture is widely adopted among distributed systems. It follows the modular approach that decomposes large software applications into independent services. Kubernetes has become the standard tool for managing these microservices. It stores sensitive information like database passwords, API keys, and access tokens as Secret Objects. There are security mechanisms employed to safeguard these confidential data, such as encryption, Role Based Access Control (RBAC), and the least privilege principle. However, manually configuring these measures is time-consuming, requires specialized knowledge, and is prone to human error, thereby increasing the risks of misconfiguration. This research introduces K8s Pro Sentinel, an operator that automates the configuration of encryption and access control for Secret Objects by extending the Kubernetes API server. This automation reduces human error and enhances security within clusters. The performance and reliability of the Sentinel operator were evaluated using Red Hat Operator Scorecard and chaos engineering practices.