Hello Remi,

You’r right, things need to done so someone using a containerized application cannot escape and get full access to the container and to the underlying host. This goes through the usage of Linux security primitive, Security context, …

In Kubernetes, as secrets are not encrypted by default, there are some external tools that can be used to secure them like Hashicorp Vault, Sealed Secret (from Bitnami).