- 68
- 284 517
Learn with GVR
Singapore
เข้าร่วมเมื่อ 16 ธ.ค. 2021
Resolve the complexities of learning...
Easy, Simplified Learning of Containers, Kubernetes, Cloud, Security & Design concepts etc
Please Subscribe, Like & Comment
Connect with me in linkedIn
Easy, Simplified Learning of Containers, Kubernetes, Cloud, Security & Design concepts etc
Please Subscribe, Like & Comment
Connect with me in linkedIn
Terraform Test Mocking - Terraform v1.7.0 - Mocking Framework for IaC, Explained with Demo
Terraform Test Mocking - Terraform v1.7.0 - Mocking Framework for IaC, Explained with Demo
Chapters:
00:00 Introduction
00:06 Background
01:54 terraform test structure
02:40 test run block
03:05 run block assert
04:58 Purpose of Test Mocking
09:04 test mocking types
10:16 about mock_provider
12:32 mock_provider block syntax
13:49 about overrides
17:05 overrides block syntax
18:06 overrides block usage
19:04 test mocking structure
20:22 Demo of test mocking
official documentation:
developer.hashicorp.com/terraform/language/tests
developer.hashicorp.com/terraform/language/tests/mocking
github repo's:
github.com/learnwithgvr/terraform_test
github.com/learnwithgvr/terraform_test_mocking
Chapters:
00:00 Introduction
00:06 Background
01:54 terraform test structure
02:40 test run block
03:05 run block assert
04:58 Purpose of Test Mocking
09:04 test mocking types
10:16 about mock_provider
12:32 mock_provider block syntax
13:49 about overrides
17:05 overrides block syntax
18:06 overrides block usage
19:04 test mocking structure
20:22 Demo of test mocking
official documentation:
developer.hashicorp.com/terraform/language/tests
developer.hashicorp.com/terraform/language/tests/mocking
github repo's:
github.com/learnwithgvr/terraform_test
github.com/learnwithgvr/terraform_test_mocking
มุมมอง: 214
วีดีโอ
Terraform Test - Terraform v1.6.0 - Native Test Framework for IaC, Explained with Demo
มุมมอง 2.2K9 หลายเดือนก่อน
Terraform Test - Terraform v1.6.0 - Native Test Framework for IaC, Explained with Demo Chapters: 00:00 Introduction 00:51 Background 05:05 Purpose of terraform test 06:58 About terraform test 10:23 Terraform test tun block 15:12 some important notes 17:53 terraform test Demo official documentation: developer.hashicorp.com/terraform/language/tests github repo: github.com/learnwithgvr/terraform_test
AWS KMS Key Management Service - Concepts Explained with Encryption Decryption Demo
มุมมอง 7Kปีที่แล้ว
AWS Key Management Service - Concepts Explained with Encryption Decryption Demo Chapters: 00:00 About KMS 00:36 Encryption Decryption 01:35 Where is Encryption 02:53 AWS KMS Encryption - Key Types 04:10 AWS KMS - Key Usage 05:13 AWS KMS Envelop Encryption 07:32 AWS KMS Decryption 08:30 AWS KMS Symmetric & Asymmetric 10:22 AWS KMS Key - Service Types 12:13 AWS KMS Alias 15:06 AWS KMS Key - Polic...
Kubernetes v1.26 - Traffic Engineering - Service EndpointSlices, External & Internal Traffic Policy
มุมมอง 1.4Kปีที่แล้ว
Kubernetes v1.26 - Traffic Engineering - Service EndpointSlices, External & Internal Traffic Policy Chapters: 00:00 Intro 00:13 Servce IP 07:23 Endpoint vs EndpointSlices 09:46 Servce EndpointSlices 13:03 Consumers of EndpointSlices 14:17 EndpointSlice Yaml 14:48 EndpointSlice conditions 17:19 Servce ExternalTrafficPolicy 20:03 ExternalTrafficPolicy local 25:15 Kube proxy ProxyTerminatingEndpoi...
Mount External Vault Secret in Kubernetes Pod through CSI Volumes
มุมมอง 1.5Kปีที่แล้ว
Mount External Vault Secret in Kubernetes Pod through CSI Volumes Chapters: 00:00 Intro 00:51 Vault - kubernets use cases 03:00 v1.25 CSI Inline volumes with AWS SecretManger 04:16 Demo - Vault Secret in Pod through CSI Volumes Documentation: kubernetes.io/docs/concepts/scheduling-eviction/pod-scheduling-readiness/ K8S Cluster github: github.com/ramanagali/k8s-cluster Vault Server: github.com/r...
Kubernetes v1.26 - Pod Scheduling Readiness SchedulingGates - Alpha feature
มุมมอง 626ปีที่แล้ว
Kubernetes v1.26 - Alpha feature - Pod Scheduling Readiness SchedulingGates Chapters: 00:00 Intro 00:19 Kube Scheduler Node Assignment 03:03 Filtering and Scoring Behaviour 04:19 Scheduling Stage Extension Points 05:23 Scheduling Plugins 07:03 Pod Scheduling Readiness 09:01 Pod SchedulingGates 10:20 Pod SchedulingGates Yaml 10:48 Demo 1 Pod SchedulingGates Documentation: kubernetes.io/docs/conc...
Kubernetes v1.26 - Validating Admission Policy - Alpha Feature
มุมมอง 484ปีที่แล้ว
Kubernetes v1.26 - Alpha feature - Validating Admission Policy 00:00 Intro 00:18 How Admission Controllers work in K8S 01:53 Validating Admission Webhook 04:25 ValidatingAdmissionPolicy Architrecture 06:35 ValidatingAdmissionPolicy YAML file 11:59 ValidatingAdmissionPolicy failure types 13:33 Common Expression Language (CEL) 18:06 difference Validating Admission Policy and webhook 20:07 Demo 1 ...
Kubernetes v1.26 - Container Runtime Interface (CRI) - API v1
มุมมอง 1.5Kปีที่แล้ว
Kubernetes v1.26 - Container Runtime Interface (CRI) - API v1 Chapters 00:00 Introduction 00:43 Kubeadm cluster provisioning 02:12 Before CRI 03:36 CRI Architecture - Implementers 05:05 CRI Architecture - Components 08:56 ContainerD 10:33 kubeadm kubelet flags 12:27 K8S ContainerD - CRI version 15:03 v1.26 CRI support to v1 Documentation: kubernetes.io/blog/2022/12/09/kubernetes-v1-26-release/ ...
Kubernetes v1.26 - Change in container image registry registry.k8s.io
มุมมอง 1.5Kปีที่แล้ว
Kubernetes v1.26: Electrifying - Change in container image registry registry.k8s.io Chapters: 00:00 About Topic 00:29 Kubernetes v1.25 changes 01:55 whats in v1.26 03:01 what is k8s.gcr.io 04:45 Why new registry.k8s.io 06:43 registry.k8s.io edge locations 08:38 Container Registry Service 10:54 Kubeadm & kubelet config Kubernetes v1.25 - Container registry service from k8s.gcr.io to registry.k8s...
Kubernetes Secret Data Encryption at Rest - v1.25 - KMS v2 alpha1 AWS KMS
มุมมอง 2Kปีที่แล้ว
Kubernetes Secret Data Encryption at Rest - v1.25 - KMS v2 alpha1 AWS KMS Chapters: 00:00 Introduction 00:14 Encryption, Decryption Symmetric Encryption 02:15 Envelope Encryption AWS KMS 05:17 KMS Decryption 06:19 Kubernetes Secrets API call - default nature 12:07 Encrypt Secret data at Rest 12.30 Kubernetes EncryptionConfiguration 14:53 Kubernetes EncryptionConfiguration Providers 15:47 Kubern...
Kubernetes Volume Plugins, Pod Volume Types - v1.25
มุมมอง 851ปีที่แล้ว
Kubernetes Volume Plugins, Pod Volume Types - v1.25 Chapters: 00:00 Introduction 00:06 CSI Driver 00:37 Secret as volume 00:51 CSI empehemral volume 01:19 About kubernetes Volume plugns 03:27 Pod Volume Types 14:25 Deprecated Pod Volume Types YAML files github.com/ramanagali/yaml K8s Cluster github.com/ramanagali/k8s-cluster CKS playlist: th-cam.com/play/PLFkEchqXDZx6Bw3B2NRVc499j1TavjOvm.html ...
Kubernetes v1.25 - CSI Inline Volumes - secrets-store.csi.k8s.io with AWS EKS secrets manager
มุมมอง 2.7Kปีที่แล้ว
Kubernetes v1.25 - CSI Inline Volumes - secrets-store.csi.k8s.io with AWS EKS secrets manager Chapters: 00:00 Introduction 00:36 CSI Driver 03:56 CSI Driver Purpose 05:47 Dynamic Provisioning 07:02 Volume,VolumeMount - HostPath-emptyDir 08:30 Secret Usage in Pod 09:58 CSI Driver Secret Store 13:15 Generic ephemeral volumes 16:28 CSI ephemeral inline volumes 22:23 CSI Driver image populator 24:0...
Kubernetes v1.25 - endPort in Network Policy
มุมมอง 913ปีที่แล้ว
Kubernetes v1.25 - endPort in Network Policy Chapters: 00:00 About Topic 00:36 NetworkPolicies 05:49 NetworkPolicy Yaml 10:23 NetworkPolicy IMP Notes 12:48 NetworkPolicy Examples 13:03 NetworkPolicy endPort Example 14:14 NetworkPolicy multiport endPort Demo YAML files github.com/ramanagali/yaml K8s Cluster github.com/ramanagali/k8s-cluster Docker Images: hub.docker.com/r/alekssaul/multiportingr...
Kubernetes v1.25 - Container registry service from k8s.gcr.io to registry.k8s.io
มุมมอง 1.4Kปีที่แล้ว
Kubernetes v1.25 - Moved Container registry service from k8s.gcr.io to registry.k8s.io Chapters: 00:00 About Topic 00:15 Kubernetes v1.25 new changes 01:00 Kubernetes v1.24.3 and 1.25 Container Registry changes 03:16 Container Registry Service 05:39 Kubeadm Config 07:53 k8s.gcr.io - k8s-artifacts-prod 09:32 Image Promoter 10:59 Why new registry.k8s.io 13:16 registry.k8s.io - OCI Proxy 17:21 reg...
Kubernetes - CNI, How Pod is created and gets IP address - pause container with containerd
มุมมอง 4.5K2 ปีที่แล้ว
Kubernetes - CNI, How Pod is created and gets IP address, Pause Container with containerd Chapters: 00:00 About topic 00:07 CRI 00:40 Kubernetes Networking Model 01:52 Container Network Interface - CNI 04:30 What CNI Does 05:58 Kubelet-CRI-CNI-Netowrk flow 08:56 NodeIPAM podCIDR 16:57 Container Networking Single Node 18:28 Container Networking Multi Nodes 19:31 How POD gets IP 23:37 What is Pau...
ContainerD Debugging Client Tool CLI - CTR with demo
มุมมอง 1.9K2 ปีที่แล้ว
ContainerD Debugging Client Tool CLI - CTR with demo
Hashicorp Vault - Auto-unseal using AWS KMS #12
มุมมอง 2.6K2 ปีที่แล้ว
Hashicorp Vault - Auto-unseal using AWS KMS #12
Hashicorp Vault - Vault Audit Devices #11
มุมมอง 1.6K2 ปีที่แล้ว
Hashicorp Vault - Vault Audit Devices #11
Hashicorp Vault - Vault Agent, Caching, Entity Identity Group & Response Wrapping #10
มุมมอง 1.4K2 ปีที่แล้ว
Hashicorp Vault - Vault Agent, Caching, Entity Identity Group & Response Wrapping #10
Hashicorp Vault - Vault deployment architecture #9
มุมมอง 1.2K2 ปีที่แล้ว
Hashicorp Vault - Vault deployment architecture #9
Hashicorp Vault - Vault API - Authenticate & Access Vault secrets via Curl -#8
มุมมอง 2.8K2 ปีที่แล้ว
Hashicorp Vault - Vault API - Authenticate & Access Vault secrets via Curl -#8
Hashicorp Vault - Transit Secrets Engine - Encryption as a Service - #7
มุมมอง 2.8K2 ปีที่แล้ว
Hashicorp Vault - Transit Secrets Engine - Encryption as a Service - #7
Hashicorp Vault - Lease, purpose of a lease ID, Renew & Revoke leases with Dynamic Secrets - #6
มุมมอง 1.6K2 ปีที่แล้ว
Hashicorp Vault - Lease, purpose of a lease ID, Renew & Revoke leases with Dynamic Secrets - #6
Hashicorp Vault - Tokens, Types, Root, Accessors, Service vs batch tokens, Orphan Tokens & TTL - #5
มุมมอง 2.1K2 ปีที่แล้ว
Hashicorp Vault - Tokens, Types, Root, Accessors, Service vs batch tokens, Orphan Tokens & TTL - #5
Hashicorp Vault - Policies Creation, Syntax and Capabilities - #4
มุมมอง 2.4K2 ปีที่แล้ว
Hashicorp Vault - Policies Creation, Syntax and Capabilities - #4
Hashicorp Vault - Human vs. system auth methods - AppRole Pull Authentication - #3
มุมมอง 10K2 ปีที่แล้ว
Hashicorp Vault - Human vs. system auth methods - AppRole Pull Authentication - #3
Hashicorp Vault - Authentication Methods - #1
มุมมอง 13K2 ปีที่แล้ว
Hashicorp Vault - Authentication Methods - #1
Hashicorp Vault - Installation, Operator Seal, Unseal and Login process
มุมมอง 6K2 ปีที่แล้ว
Hashicorp Vault - Installation, Operator Seal, Unseal and Login process
Hashicorp Vault - What is Vault, Overview, Use Cases & Architecture Explained
มุมมอง 16K2 ปีที่แล้ว
Hashicorp Vault - What is Vault, Overview, Use Cases & Architecture Explained
Very nice demo. Thank you!
Also, could i know what terminal software you use? is it iterm2, or warp?
it's iterm2
One question: is it possible to apply a psp to the default service account? since i think it may be more important for a pod is run under the default sa if no specific service account is specified.
Yes, we can apply and it's highly recommended for enhanced security By applying PSS to the default service account, you can significantly improve the security posture of your Kubernetes cluster and protect your applications and data from unauthorized access and potential vulnerabilities
Its 💎. Thanks alot
Thanks Bro
is this still a valid series for CKS in 2024? i am planning to give next month.
CKS new curriculum is applicable from Sept 12 onwards...so better plan before that. If not no issue there is slight change
Are you need a Thumbnail designer ?
Share your email
what if I have ten nodes then the job will create the pod in any node, and it will provide information about that node only right? what about the rest nodes?
Yes. While installing Kubebench on every node can provide granular insights into the security posture of each individual node, it's not always necessary or practical Pros: it provides detailed security assesment of everynode, Can detect, identify and resolve security issues of the Nodes Cons: kube bench will consumer resources Managing and monitoring of kube bench is time consuming Collecting security data from every node can generate a large volume of information that may be difficult to analyze If it is a small cluster, it's a feasible to have a cube bench in the nodes If your organization requires security assessment completely on all the nodes then go for it Deploy Kubebench on a dedicated node or a management cluster to scan all nodes periodically is the better approach Hope this helps. Thanks for asking this question
Thanks
Cheers
Awesome detailed explanation
Thank you
Sir please do the additional topics added for cks kubernetes - newchanges from sep12
Sir please do the additional topics added for cks kubernetes - newchanges from sep12 .
thanks for suggestion. sure will do.
Please do cks new topics which are going to be added from sep12 for upcoming cks exam.
thanks for your input. sure will do soon
Excellent video, thanks for the info!
Thank you
sir you give best explanation, thank you for uploading 🙏 please uploading interview questions for aws
Thank you Ravi Prakash. sure will try to creat videos on AWS interview questions
u are a great teacher.
Thank you
Excellent explanation with all your expertise, Dear GVR. I'm sure this content of yours will stay at the top among all for many more years. Thank you for making it easy to understand.
My pleasure, keep learning
Thanks for your video; it's useful. One piece of advice: It looks like you have a good microphone but no pop filter, or it's positioned incorrectly. There are intense plosive sounds. When you try to fix it, your sound will be much better than now!
thanks for suggestion, cheers
IS THIS THE COMPLETE TRAINING PLAYLIST ON KUBERNETES SECURITY ?
yes pls check my playlists in the channel
It would be great to see gcp example
same for GCP aswell, tftest.hcl, tfmock.hcl files and run will remain same irrespective of AWS/GCP/Azure simplest way i would suggest is...search github for any GCP code and add tests to it
greate videos. Thanks for the content. I like the way your terminal shows color? How did you configure it this way? Is it any plugin or any other terminal?
Thanks bro for the feedback. It's iTerm2 terminal for Mac. Applied autosuggestion, syntax highlight and kubecolor on top it for kubectl colours
You should do an additional video to explain what has changed for the CKS. This content is amazing!
Great suggestion!, will do soon, thank you
Nice video. What's the name of your mic?
Thanks, it's Audio-Technica ATR2100x-USB Cardioid Dynamic USB XLR Microphone
@@learnwithgvr Thank you
❤❤
thank you
Thxs! good video!
thank you
hello thank u but can u tell me why with the new user it only show the default namespace not all of them somoene can help ?
if do not specify it will consider defult namespace. if you want any specific namespace you can update your kubeconfig desired context namespace
excellent explanation
thanks a lot
Nice video and informative. Please reduce filler words. Repetitively using basically word. Sometimes it’s kind of annoying
Thanks for the feedback, it was first video and listen 1.5x speed for better reach
very good demo.
Thank you for feedback
Thank you for the video and for answering the multi-region question below. Thumbs-up!. A few suggestions: 1. Point the viewers to the fact when auto unseal is configured Vault generates "Recovery" keys, and NOT "Unseal" keys 2. Explain how the auto unseal works - at startup Vault will connect to the device or service implementing the seal and ask it to decrypt the root key Vault read from storage.
Thank you George
amazing explanation
Thank you
Hi sir, you are doing videos in very details and insights, so we are kindly request please continue..........
Thank you Maheshwar...sure will continue the videos. Any new topics you are looking please message here
Very good presentation thank you 😊 should we give the application (Jenkins) the roleID and the secretID to authentificate or the generated token ?
Yes can, logic is jere RoleId and Secret Id dual authentication, generate token
i have learnt many things from u man i jst wnna request u plz do a devsecops series where you cover each and everytool of devsecops like kubebench kubelint and also do a calico administration series
Thanks for suggestion and feedback. Sure will try to make these videos
@@learnwithgvr you must be ur teaching skill is awesome
One of the best video of kms on youtube
Thanks a lot. Any suggestions/requests for making aws services videos
Superb and straight forward with complete details.Thnaks for the effort
Thanks a lot Rahul. keep learning
Amazing tutorial on K8Certs. Really superb. First 40 minutes are really outstanding but from there I felt little complicate. May be too much depth of k8. Thank you very much for your great efforts. 🤗
Thanks Bro ..keep learning
Simply Superb
Thanks bro
very crystal clear explanation of CRD...Great work
Thanks bro
great video.
Thank you, keep learning
This is GOLD!
thank you for the feedback. keep learning
..really good presentation ,,,if someone wants to know PAM in 23 mins ..will wait for upcoming presentations ....
Kubernetes pod security policy is removed from CKS exam curriculum. Instead PodSecurity Standard and Pod Security admission.
Nice, Thanks for the detailed explanation.
Hi brother i need some information on how can we setup opa policy for externalname services that fails if a service is created of type externalname with port name that doesn't follow the istio convention
How can we avoid all the manual work for kuberenetes auth configuration, role etc... As DevOps engineers we prefer Infa as code
Any idea? Maybe an init job that configures the kubernetes auth in vault side?
Great! where is custom controller video?