Awesome content always, i must confess one thing honestly i never get tiered of watching your videos , i could stay glue for hours , you shared tons and tons of quality contents always , thank you so much for being there for guys. By the way can you upload a video on terraform infrastructure as code IAC, i have searched i didnt see anyone by you
First time here and really loved the explanation and the depth of it! Thanks for the video, and I will surely watch the rest of them on your channel! Thumbs up!
Absolutely love your style, the speed, how deeply you get into everything. Thank you so much, Marcel. Would be awesome if you could put together an entire HashiStack series. Nomad, Consul, and Boundary, especially. More ops and less dev but how these three work together with Vault is needed for setting up the environment for any dev. What do you think?
amazing video series , could you please help to create a consolidated video or playlist, which demonstrate the types of injecting configuration as per current in K8s pods i.e dynamically on pods, if possible statically, operators, dynamically.
Awesome! thank you for explaining this... I am in also on the fence between is vault "really" solving\facilitate secret management OR just overly complex...
Secret management is generally complex, especially when financial audits are involved and access to the secrets can only be authorised by more than two parties. This is generally where vaults come in. Simpler solutions exist, but they are mainly around focusing on secret hygiene, for example protecting secrets with RBAC so they cannot be retrieved once created, prevent exec into containers, limit who can create secrets.. etc
Thank you for your videos. I have a problem with vault being initialized already on installation. I think this is because I have previously installed (using terraform's helm provider), initialized and unsealed it on my GKE cluster to test out but removed (using terraform) it after some trials. How do I uninitialize vault in this case to restart again? Thank you for your time!
Considering a scenario where we have a pod running with some backend application connected with AWS RDS database using vault due to high traffic these pods and nodes needs to scale and communicate with the database pretty frequently so as the vault creates temporary credentials isnt it consuming the disk usage by creating users and more connections happening with RDS. (Just got this question into my head). Hoping for a reply with solution. Thank you . Love your content
Thanks for the kind words 🙏🏼 Secret rotation should have zero impact to application performance. You should tune your database client to handle connections efficiently and can establish new connections when a new secret comes along. This should not create disk IO unless the application is written incorrectly
@@MarcelDempers Got it thank you.....have a small question If Pods are created with Front end app (Nodejs) and backend (mYsql) with EBS scaling is easy using Cluster and Pod scaling ....... But here how to app pods has communication with other MySQL pods from other nodes to have consistent data ? How does these MySQL EBS pods distribute it's all data accross the app pods?
Seems that the certificate is expired. $ vault operator init Error initializing: Put 127.0.0.1:8200/v1/sys/init: x509: certificate has expired or is not yet valid
I bypass this adding this "- name: VAULT_SKIP_VERIFY value: "true" after line 94 on the file "server-statefulset.yaml". Nos is pendding how to upgrade with valid certificate.
I received this error: Error initializing: Put 127.0.0.1:8200/v1/sys/init: x509: certificate has expired or is not yet valid. can you please provide solution ?
Get error as soon as I do vault operator init: Get "127.0.0.1:8200/v1/sys/seal-status": x509: certificate has expired or is not yet valid: current time 2022-11-27T09:07:18Z is after 2021-03-02T22:46:00Z
I am wondering if where I can see the video of setting up vault, cert-manager for kubernetes to auto renewal of certificates, would be awesome if you can share your experience
Appreciate the effort but bro take a step back, don't just talk into my face with words, visualize it for me from the start... i'm trying to learn this and I don't know what you're saying.
The fact you explain this stuff without using the insane amount of buzzwords and cryptic terminology that other guides use is phenomenal. Great work!
The only person who could explain the concepts and how Vault works in one go!
I've been watching lots of video on this HashiCorp Vault but only here I found answers to all my questions regarding vault.
Thanks for the video mate!
Absolutely fantastic video. I love that you've started with this demo to explain it, then gone into more details in part 2.
Yea this is great. Super clear and crisp delivery without rabbit-holing at all. I'm sure you're a great public speaker!
Thanks for the kind words, I'm glad you enjoyed it :)
Great way of wxplaining things. Agree, your lecture is compact, easy to understand and relevant indeed!
Super simple and clear tutorials. Thank you so much!
Fantastic Series , Kudos for all your knowledge sharing and efforts here !
Awesome content always, i must confess one thing honestly i never get tiered of watching your videos , i could stay glue for hours , you shared tons and tons of quality contents always , thank you so much for being there for guys. By the way can you upload a video on terraform infrastructure as code IAC, i have searched i didnt see anyone by you
absolutely worth watching.
First time here and really loved the explanation and the depth of it! Thanks for the video, and I will surely watch the rest of them on your channel! Thumbs up!
Thank you so much for these! They really help alongside the official documentation :)
Quite informative tutorial. hope to see such content more in future. Thanks alot
Im really sad that I cant give more then one thumbs up :) really great video, thank you
Absolutely love your style, the speed, how deeply you get into everything. Thank you so much, Marcel. Would be awesome if you could put together an entire HashiStack series. Nomad, Consul, and Boundary, especially. More ops and less dev but how these three work together with Vault is needed for setting up the environment for any dev. What do you think?
amazing video series , could you please help to create a consolidated video or playlist, which demonstrate the types of injecting configuration as per current in K8s pods i.e dynamically on pods, if possible statically, operators, dynamically.
thank you for the video its a very good starting point
Really good and helpful video . Thanks
Love your videos dude! Also a fellow software developer form South Africa
Baie dankie! en groette daar 😃💪🏽
thank you
Please make a tutorial on JFrog running on Kubernetes(Installation & Configuration), using it as an artifactory
Thank you this very good so far
Great Video!!! First timer. Was wondering if you could make a video explaining how to deploy Vault on k8s gcloud cluster using an Operator : )
Awesome! thank you for explaining this... I am in also on the fence between is vault "really" solving\facilitate secret management OR just overly complex...
Secret management is generally complex, especially when financial audits are involved and access to the secrets can only be authorised by more than two parties. This is generally where vaults come in. Simpler solutions exist, but they are mainly around focusing on secret hygiene, for example protecting secrets with RBAC so they cannot be retrieved once created, prevent exec into containers, limit who can create secrets.. etc
Just best. Like always 👍
I have a question, that /vault/secrets/ directory is world readable... Isn't that a bit "not secure" ?
Marcel this is pure gold!
Thank you for your videos. I have a problem with vault being initialized already on installation. I think this is because I have previously installed (using terraform's helm provider), initialized and unsealed it on my GKE cluster to test out but removed (using terraform) it after some trials. How do I uninitialize vault in this case to restart again? Thank you for your time!
Considering a scenario where we have a pod running with some backend application connected with AWS RDS database using vault due to high traffic these pods and nodes needs to scale and communicate with the database pretty frequently so as the vault creates temporary credentials isnt it consuming the disk usage by creating users and more connections happening with RDS. (Just got this question into my head). Hoping for a reply with solution.
Thank you .
Love your content
Thanks for the kind words 🙏🏼
Secret rotation should have zero impact to application performance.
You should tune your database client to handle connections efficiently and can establish new connections when a new secret comes along.
This should not create disk IO unless the application is written incorrectly
@@MarcelDempers Got it thank you.....have a small question If Pods are created with Front end app (Nodejs) and backend (mYsql) with EBS scaling is easy using Cluster and Pod scaling ....... But here how to app pods has communication with other MySQL pods from other nodes to have consistent data ? How does these MySQL EBS pods distribute it's all data accross the app pods?
Great video
yet again i check out k8s obelix videos to gain better devops skills
nice video!
Seems that the certificate is expired. $ vault operator init
Error initializing: Put 127.0.0.1:8200/v1/sys/init: x509: certificate has expired or is not yet valid
I bypass this adding this "- name: VAULT_SKIP_VERIFY value: "true" after line 94 on the file "server-statefulset.yaml". Nos is pendding how to upgrade with valid certificate.
Or store the Seal Keys in a proper KMS System from a Cryptovendor ;-)
amazing video ❤️
thanks a lot!!
You should kill the root token ASAP because it has no any logging. I mean... You can't do any meaningful activity tracking.
I received this error: Error initializing: Put 127.0.0.1:8200/v1/sys/init: x509: certificate has expired or is not yet valid. can you please provide solution ?
Get error as soon as I do vault operator init:
Get "127.0.0.1:8200/v1/sys/seal-status": x509: certificate has expired or is not yet valid: current time 2022-11-27T09:07:18Z is after 2021-03-02T22:46:00Z
you'll need to generate a new cert as shown in the guide
@@MarcelDempers Vault 2022 video worked for me.
Thank you for making these videos. Really helpful and appreciate the level of details in your explanations.
Great work @Marcel ...eagerly waiting for the next video on HA & how secrets gonna be used btw vault and the pods along with best practices.
@Marcel I have a kind suggestion can you please made a Azure Tutorials please I always enjoy your Video.
Very indepth vid, super good work.
Very impressive. Thanks for your contribution
I have a small doubt. Why do you provide the vault pod with a service account. It doesn't need access to any of the cluster resources right?
Waou Amazing video
Thank you very much! ❤
Mate your videos are amazing! Great editing, great music taste and super informative, subbed bro keep going!
I'm glad you enjoyed it, thanks for the support ❤
Wonderful knowledge sharing session ... Love it !!!
I am wondering if where I can see the video of setting up vault, cert-manager for kubernetes to auto renewal of certificates, would be awesome if you can share your experience
Hey Hai
Can we do auto unseal process within vault yaml files, can you please let me know if there is process.
Nice explanation. waiting for HA version.
Also, if possible share the difference between using etcd clusters vs consul. Thanks
I try to use it on Azure, but i don't found how to expose correctly the app..
Great job and good explanations. thanks !!
Your videos are killer
You Rock!!
Coolest !! :)
nice video
@marcel inject vault secrets to my pods in path /vault/secrets/mysql/, how am i supposed to use that secrets in my java application, thanks
Awesome ! Thank you
GREAT!!👏👏
Appreciate the effort but bro take a step back, don't just talk into my face with words, visualize it for me from the start... i'm trying to learn this and I don't know what you're saying.