@AbhishekVeeramalla To understand the topics you have taken the multiple approach to explain the details instead of repeating same things for your subcribers or whose is egar to learn it....❤❤❤
I completed all the steps and verified them in the console but at the final stage, the pod remained in the "container creating" state due to an RBAC issue. Due to time constraints, I was unable to troubleshoot this issue fully. but yes I gained a clear understanding of Azure Key Vault and how pods access external vault using managed identity through the CSI driver and the vault vendor provider running on k8s cluster as daemon sets.
thanks for the video bro. small doubt, you are using managed identity to have access between resources. but how can we use managed identity if they are in different subscriptions..does managed identity work in between resources in different subscriptions
The reason you getting error while creating keyvault from Azure CLI is that there was a space between your name , in Abhi , the space is present between h and i .
Hi Abhishek, Please can you help us in the last part when creating the pod its going into container creating state. i have checked the permissions its given as how you gave. I see other person in the chat also faced the same issue PLEASE ABHISHEK! Thanks. Pavan
You should create key1 and secret1 in key vault. You might have not created them. You can describe the pod to see what is the error, it should be the error mostly.
@@AbhishekVeeramalla I have created with different name for key and secret updated those names in the Storage Provider Class When I do describe pods it says Caller is not authorized to perform action on resource. But I have double checked and given permissions as you gave
This is absolutely top notch explanation from you Abhishek bhai 💗.😀. Can you please assist me how we can write the Docker service connection parameter post adding the key pair value in Azure secrets vault .
Hey Abhishek, I have completed all the steps and is in the final stage pod creation stage, but the pods goes in "container-creating' stage I have checked all the RBAC permissions as you showed in the video and also have created key1 and secret1, but still pod is in container creating stage. Please Help
Hello @Abhishek. Can we create the system managed identity and associate it with virtual machine scale set and create a secret storage provider class and mount that secret to the pod . Can we do this way ! If yes, Which is more feasible way. I request you to please through some light on this topic as well and request you to pelase create a video where if you can explain what are the different way to integrate AKS with any Azure Services and what is suitable in what scneario as this would definitely help lot of people to understnd when to use system mg identity, when to use user assigned mg identity and when to use Service Principal. If you can clear out this in any video then this would be of great use to everyone and the community as well.
Thank you so much for sharing this video. I have a question. Using the secretproviderclass, how can secret be injected for ingress to consume. Imagine my wildcard certificate and key is present In a path in Hashicorp vault. I tried to do this but since Ingres doesn’t mount volume it didn’t work. How can I achieve this? Thank you
hello in the documentation git adjustament this line export KEYVAULT_SCOPE=$(az keyvault show --name $KEYVAULT_NAME -g $RESOURCE_GROUP --query id -o tsv) , this error is for -g $RESOURCE_GROUP no mapping.
when i ran the cmd: "az aks create --name keyvault-demo-cluster -g keyvault-demo --node-count 1 --enable-addons azure-keyvault-secrets-provider --enable-oidc-issuer --enable-workload-identity"; getting error:incorrect padding when creating aks cluster....anyone help ?
completed the demo successfully... Thanks to you Abhi, i perfectly understand the OIDC Federation, managed identity and CSI concept.
😍
Implemented everything as is, everything worked great!! Thank you
You're welcome!
@AbhishekVeeramalla To understand the topics you have taken the multiple approach to explain the details instead of repeating same things for your subcribers or whose is egar to learn it....❤❤❤
Thanks
Really great video. Keep making such detailed videos. Thanks Abhishek.
Thanks for this demo Abhi
My pleasure 😊
Yes Monitoring is most asked in interviews
Much appreciated sir❤❤❤
My pleasure
Thank you Anna❤
Thanks
great video and thanks alot abhishek
Thanks a lot for this video...🤩
Most welcome 😊
One-man army:).. hopefully, one day I'll possess one-fourth of your knowledge
😍
Thanks
Thank You ❤
Clear explanation - But need practise on my end
Thanks
hi abhi, 41:18 for this, you might be --assignee first come then --role will later as per error message instructions, I am not sure may be it's work
May be yeah, I did not troubleshoot much as I was recording.
No .. there was extra space at end @abhishek
Thank you so much
You're most welcome
Thanks sir 🥇🥇🥇🥇🥇🥇
😍😍😍
Hi Abhishek, perfectly understand. If we uses csi driver to fetch secrets, do we really need to restart pod if secret renews?
I completed all the steps and verified them in the console but at the final stage, the pod remained in the "container creating" state due to an RBAC issue. Due to time constraints, I was unable to troubleshoot this issue fully. but yes I gained a clear understanding of Azure Key Vault and how pods access external vault using managed identity through the CSI driver and the vault vendor provider running on k8s cluster as daemon sets.
😍😍😍
thanks for the video bro. small doubt, you are using managed identity to have access between resources. but how can we use managed identity if they are in different subscriptions..does managed identity work in between resources in different subscriptions
The reason you getting error while creating keyvault from Azure CLI is that there was a space between your name , in Abhi , the space is present between h and i .
Can we expect a video on aks workload identity implementation in this series ??
We implemented workload identity in this video
Hi Abhishek,
Please can you help us in the last part when creating the pod its going into container creating state. i have checked the permissions its given as how you gave.
I see other person in the chat also faced the same issue
PLEASE ABHISHEK!
Thanks.
Pavan
You should create key1 and secret1 in key vault. You might have not created them.
You can describe the pod to see what is the error, it should be the error mostly.
@@AbhishekVeeramalla I have created with different name for key and secret updated those names in the Storage Provider Class
When I do describe pods it says
Caller is not authorized to perform action on resource.
But I have double checked and given permissions as you gave
Where are you executing those commands?? Is it CMD? Or other terminal im kinda confused please help
Please start with day 1 of devops zero to hero course. Btw I am using the mac in built terminal
In windows what can we use then? @@AbhishekVeeramalla
@@The_boogie_tales you can use powershell, makesure azurecli is installed
Thanks, how do people use the mounted secrets as environment variables for any app inside pod. Recommended way.
This is absolutely top notch explanation from you Abhishek bhai 💗.😀. Can you please assist me how we can write the Docker service connection parameter post adding the key pair value in Azure secrets vault .
How can we assign ssl certificate stored key valut to either port or AG ingress controller so applications can be securely accessed over internet?
Please explain SPN concepts
Hey Abhishek, I have completed all the steps and is in the final stage pod creation stage, but the pods goes in "container-creating' stage
I have checked all the RBAC permissions as you showed in the video and also have created key1 and secret1, but still pod is in container creating stage. Please Help
Like AWS secret manager to Eks integration can you make that video anna
Sure
Hello @Abhishek. Can we create the system managed identity and associate it with virtual machine scale set and create a secret storage provider class and mount that secret to the pod . Can we do this way ! If yes, Which is more feasible way.
I request you to please through some light on this topic as well and request you to pelase create a video where if you can explain what are the different way to integrate AKS with any Azure Services and what is suitable in what scneario as this would definitely help lot of people to understnd when to use system mg identity, when to use user assigned mg identity and when to use Service Principal.
If you can clear out this in any video then this would be of great use to everyone and the community as well.
after running the list cmd. I'm unable to see two files with key1 and secret1 name the output is showing no such directory found
is this tutorial complete for azure bcs I want to star please reply 🙏
Thank you so much for sharing this video. I have a question. Using the secretproviderclass, how can secret be injected for ingress to consume. Imagine my wildcard certificate and key is present In a path in Hashicorp vault. I tried to do this but since Ingres doesn’t mount volume it didn’t work. How can I achieve this? Thank you
Hashicorp Vault Integration Tutorial... We need
Its already available. Check the terraform playlist
I mean Integration with various tools like Jenkins, Docker, Kubernetes, Helm.
Thanks for u reply.. Ur effort and making videos on GitDevSecOps just... AMAZING
Will it be the same step for integration azure AKS with azure app config using key vault reference?
You can follow the managed identity steps in the video
Thanks. @@AbhishekVeeramalla . I was able to do it.
Explain about azure admin job in real time scenario.
Sure
❤
Thanks
Please guide me through the order of watching your video listings .
DevOps Zero to hero
AWS / Azure Zero to Hero
Terraform Zero to Hero
Python for DevOps
@@AbhishekVeeramalla thanks
Hi annaya mito matladi anna Ela contact avvali
hello in the documentation git adjustament this line export KEYVAULT_SCOPE=$(az keyvault show --name $KEYVAULT_NAME -g $RESOURCE_GROUP --query id -o tsv) , this error is for -g $RESOURCE_GROUP no mapping.
when i ran the cmd: "az aks create --name keyvault-demo-cluster -g keyvault-demo --node-count 1 --enable-addons azure-keyvault-secrets-provider --enable-oidc-issuer --enable-workload-identity"; getting error:incorrect padding when creating aks cluster....anyone help ?
keyvault name needs to be unique , we cannot use your keyvalut name