วีดีโอ

It would have been helpful if you explained that you're not actually creating a cert, but merely creating a dummy CRD instance for demonstrative purposes, because although this lays out some aspects of CRDs you somewhat strangely stop short of covering getting actual code to run.

Is quite good actually. Thank you!

Johnson Donald Clark Jose Garcia Thomas

FYI it can be an issue if vault-auth.yaml is deployed in the fakeapp namespace instead of vault-secrets-operator-system. The VaultAuth resource typically needs to be in the same namespace as the Vault Secrets Operator (in this case, likely vault-secrets-operator-system) because the operator expects to find its authentication resources there.

Thank you for sharing this type of content.

NIce, correct speed to follow!

I appreciate your clear and understandable explanations, until now I haven't seen anything like it.

I just spent like 3 days trying to figure this out. Wish I saw this sooner! This is one of the simplest videos explaining this

Greate video! Very clear. Would you suggest to use Vault Secrets Operator other than the Vault CSI Provider ?

Great video, very informative.. can you do a tutorial for kubernetes + vault hosted outside of kubernetes . or guide on the configuration

Too good man

Thank you so much Man! Very clear and very simple for easy understanding. You earned a loyal sub <3

why are vso and the application and vault sts in different namespaces? vault in vault, vso in vault-secrets-operator-system, and the vaultAuth and the application deployment in the fakeapp namespace?? Is there any special reason for this?

i followed and implemeted it. but when I am trying to consume the dynamic username and password generated by vso. it is giving - FATAL: password authentication failed for user <dynamic username>.

awesome. awesome. it helped me a lot to close my long pending activities related to vault. expecting some sessions on Udemy or another platform.

its a great video. how can i implement dynamic cred for postgres with given ttl

There is no persistrnt volume configured in the second helm installation. Also, i think you have also used kubectl get to retrieve the admin password out of the 2nd installation. Just my guess！

Great video. Thanks.

Great video! Hello from Brazil. Thanks

Being a dev turned k8s engineer, this makes so much more sense. Love the simple explanation and looking forward to more. ❤ you got 1 more subscriber

really great video man thank you 💪

Easy to understand

Can you suggest here if we Hashicorp vault running in vm in cloud seperate from k8s then in this scenario can we use vso?

excellent

Great Bro, Could you plesae suggest any goo books for Golang and Kubernetes to do deep dive into this.

Didn't watch till the end but it's definitely valuable content ! Subscribed for next topics !

Really good explanation...

How are you automating things like enabling kv2 and popping in secrets?

Part 2 should be about operators if i may guess? Nice content.

Will there be a part 2 ?

When you displayed the ejections active in grafana, it was not clear to me which pod was the failing one. Where do you see which pod it is?

It would be very difficult to put a rule in Istio, depending on the Header or body of the request. Example: body{user:QA,...} , user = QA , then redirects to a specific service version, ex svc beta version ?

Here you deleted kube system and other its require to delete?

I think it needs port forwared before init. Do command: kubectl -n vault port-forward svc/vault 8200

Great content. wonder why you don't have subs in millions. One question, I am finding it difficult to understand the concept of renewal lease. I know that the creds will be renewed at 67% of ttl but when the leased is renewed and username and password is changed to new random username and password in the vault database engine. Will the VSO create new secret type resource "postgres" in kubernetes?

After following all the steps you shared, I am getting this error in Pod Logs "Fetching vault-demo/mysecret from vault.... {"errors":["1 error occurred: \t* permission denied "]}"........................................Not sure why im getting this error or how can i resolve this error

Awesome video! Can you help me understand something? If we have a deployment named dep1 with three replicas, will updating the credentials happen on all pods simultaneously or one by one when the deployment is updated as per your video sync 10.40, in my understanding as per your video suppose we are setting for 10s to refresh as you said but need to understand will this refreshment will be done in all pods together or 1:1?

Clear explanation 👏🏻

Thanks for the video, if we have multiples micro services then we have to use single operator vso or should deploy seperate for all micro services separately?

Thanks for the video 😊 As per the video in case of dynamic secrets whether we will get any downtime if credential will expire for related application and pods will redeploy with new credentials? Do we need to automate any logic to fetch new credentials for the application before expiry or VSO will take care?

Hi Informative video. But I have some doubts if you can help to answer clearly if possible: 1 if we use vault outside Kubernetes I.e in another vm or box, enable the kv2 engine, put some key values and inject the secrets from vault to kubernetes then how it’s possible? 2: we are using I think in vault as a statically updating the secrets then utilising the same in kubernetes if yes then how, can you make end to end video in depth how it’s working, I want to appreciate in advance. 3 In sync of your video can you suggest how we can list the other environment variables to utilise and are we writing the environment variables as key value to utilise or we are just temporarily exposing. 4 if possible try to keep video more in depth like as a suggestion for this video if you start like listing the nodes, give some 1 minutes intro on k9, how we can use the same, then after that we will create a seperate vault ns, the deployment vault from helm chart with the latest chart then list the chart value, after deploying the vault release, describe the pod whether it’s using STS for storage or using emtDir as volume and so on…. I know it will create video more lenthy but help to the viewer to added some knowledge in their skills.

very well explained!! Crisp and clear

Thank you for the video, but I have a question. In my case, I have a Kubernetes cluster. If I use Vault server in dev mode, the storage is in-memory, so when restarting the VM, the data created will be lost. Can I use Vault server and Vault Secrets Operator (VSO) in this scenario?

Great overview, thanks!

Great video... it's like the External Secret Operator (ESO). in VSO we use the VaultAuth and VaultStaticSecrets CRDs instead of SecretStore and ExternalSecrets CRDs in ESO. The only limitation I know on the ESO is that it support only the KV secret Engine in Vault.

How would you ideally from here utilize helm for all of the yamls... i see your github has all of the config etc hard coded and not in GO etc..

Information ℹ️

good

the best k8s tutorial ever... 😍🤩

Wow! I'm truly impressed by the amazing transformation you've undergone in your presentation and confidence since your earlier videos. Your growth and progress are truly inspiring! It's incredible to see how you've developed into a confident and engaging speaker. The content as always is helpful to all the developers like me who are new to k8s world. Keep up the good work!!!