Secure Databases on Kubernetes

Secure your databases on Kubernetes with TLS/SSL encryption. KubeDB offers several options for maintaining the security of your databases on Kubernetes.

```bash
$ helm repo add appscode https://charts.appscode.com/stable/
$ helm repo update
$ helm install kubedb appscode/kubedb \
  --version v2022.03.28 \
  --namespace kubedb --create-namespace \
  --set kubedb-provisioner.enabled=true \
  --set kubedb-ops-manager.enabled=true \
  --set kubedb-autoscaler.enabled=true \
  --set kubedb-dashboard.enabled=true \
  --set kubedb-schema-manager.enabled=true \
  --set-file global.license=/path/to/the/license.txt
```

Encryption at rest and in transit

You can secure your databases with TLS using KubeDB. KubeDB also allows you to use encrypted storage for your databases, using keys you manage through your cloud provider’s key management service.

Network isolation

KubeDB-provisioned database instances run inside the private Kubernetes pod network by default. To further secure your database instances, you can configure network policies so that only the necessary pods can communicate with database pods. Network policies act as firewalls between pods running on a Kubernetes cluster.
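
A NetworkPolicy of the kind described above, as an added example that is not taken from KubeDB's own manifests. The namespace `demo`, the database name `pg-demo`, the client label `app: orders-api` and port 5432 (PostgreSQL) are assumptions, as is the `app.kubernetes.io/instance` label on the database pods; confirm the real labels with `kubectl get pods -n demo --show-labels` before applying.

```yaml
# Added example, not KubeDB's own manifest. Assumed names: namespace "demo",
# database "pg-demo", client pods labelled app=orders-api, PostgreSQL on 5432.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: pg-demo-ingress
  namespace: demo
spec:
  # Selects the database pods. Assumption: they carry this label.
  podSelector:
    matchLabels:
      app.kubernetes.io/instance: pg-demo
  # Once a pod is selected by a policy of type Ingress, any inbound traffic
  # that is not matched by a rule below is dropped.
  policyTypes:
    - Ingress
  ingress:
    # 1. Application pods in the same namespace may reach the SQL port only.
    - from:
        - podSelector:
            matchLabels:
              app: orders-api
      ports:
        - protocol: TCP
          port: 5432
    # 2. Pods of the same database must still reach each other (replication,
    #    failover); without this rule a clustered database can break.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/instance: pg-demo
    # 3. Assumption: operator pods in the "kubedb" namespace (the namespace
    #    used by the helm install above) connect to the database, for example
    #    for health checks. Remove this rule if your setup does not need it.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kubedb
      ports:
        - protocol: TCP
          port: 5432
```

A NetworkPolicy only takes effect when the cluster's network plugin enforces it; on a plugin without NetworkPolicy support the object is accepted but no traffic is blocked.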

Resource-level permissions

KubeDB is integrated with Kubernetes Role Based Access Control (RBAC) and provides you the ability to control the actions that your Kubernetes users and groups can take on specific KubeDB database instances. For example, you can configure your RBAC roles to ensure developers are able to modify **Development** database instances, but only Database Administrators can make changes to **Production** database instances.

Private registry & air-gapped cluster

The KubeDB operator can be configured to work with an in-cluster private registry, which makes it viable to run KubeDB in an air-gapped Kubernetes cluster. Cluster administrators can use private registries to ensure that only pre-approved Docker images are able to run inside a cluster.

Database User management

By default, KubeDB creates the root user account for every database that it supports. You can also provision additional database users with custom permissions and rotate their credentials using KubeVault. Database secret engines in Vault generate database credentials dynamically based on configured roles. Using KubeVault, you can configure a secret engine, create roles and issue credentials from Vault. You can request credentials, and after the request has been approved by the database administrator, the Vault operator creates a Kubernetes Secret containing the credential, along with an RBAC Role and RoleBinding so that the user can access the Secret.

Run and Manage your Database on Kubernetes FREE!

KubeDB community edition is FREE to use on any supported Kubernetes engine. You can deploy and manage your database in Kubernetes using KubeDB. There is no up-front investment required. We offer a 30-day license FREE of cost to try KubeDB Enterprise edition.