ไม่สามารถเล่นวิดีโอนี้
ขออภัยในความไม่สะดวก
Day-20 | Azure Key Vault Integration with AKS | Kubernetes Secret Store CSI Driver with Azure Vault
ฝัง
- เผยแพร่เมื่อ 31 ก.ค. 2024
- Support my work
www.buymeacoffee.com/abhishekprd
This video is Day-20 of Azure Zero to Hero (Free Azure Course including Azure DevOps). You can follow the link below to watch all the videos in this playlist.
• Azure Zero to Hero
Secrets Management on Azure with Secrets Store CSI Driver using Azure Vault Provider.
Secrets Management is one of the critical tasks of a DevOps and Cloud Engineer. In this video, I have demonstrated how one can use Azure Vault as a centralized secrets management solution and how a DevOps Engineer can configure the AKS Cluster to Implement the Secrets Management using Vault.
This 1 hr Hands-on Tutorial will cover how to setup
- How to Install AKS with required Addons
- Setup Secrets Store CSI Driver
- Azure Vault Provider for the SSCSI Driver
- Create a Secrets Provider Class
- Create a Managed Identity and implement Federation using OIDC
- Configure K8s Service Account Accordingly
and Finally, Create a Pod to verify if the Pod can access the Secrets from the Azure Key Vault.
Have any questions while learning ? Don't worry, Join our Doubts Clearing Group.
Join our Doubts Clearing Group
www.youtube.com/@AbhishekVeer...
Notes for the playlist - github.com/iam-veeramalla/Azu....
Here are some more very useful Zero to Hero playlists on the channel.
- Free DevOps Playlist: • DEVOPS ZERO TO HERO CO...
- AWS Zero to Hero Playlist: • AWS Zero to Hero - AWS...
- Terraform Zero to Hero Playlist: • Terraform Zero to Hero
- Python for DevOps Playlist: • Python for DevOps
About me:
========
Instagram: / abhishekveeramalla_off...
Telegram Channel : t.me/abhishekveeramalla
LinkedIn: / abhishek-veeramalla
GitHub: github.com/iam-veeramalla
Medium: / abhishekveeramalla-av
DevOps Project Ideas
Advanced DevOps Projects
Best DevOps Projects
DevOps Projects 2024
DevOps CI/CD Projects
Free Azure Course
Azure DevOps
Learn Azure
Best Azure Course
Azure course 2024
Learn Azure from Basics
Azure DevOps with examples
Azure DevOps projects
Azure simplified
Learn Azure for Free
Azure DevOps Playlists
Azure DevOps Projects
Azure DevOps Interview Questions
Azure Fundamentals
AZ-900 course
AZ-900 certification courses
AZ-900 playlist
Videos to clear AZ-900
Azure Secret Store CSI Driver
Azure Secret Store CSI Driver with Azure vault Integration
Azure DevOps Project for Resume
Azure Secrets Management .
.
Disclaimer: Unauthorized copying, reproduction, or distribution of this video content, in whole or in part, is strictly prohibited. Any attempt to upload, share, or use this content for commercial or non-commercial purposes without explicit permission from the owner will be subject to legal action. All rights reserved.
Really great video. Keep making such detailed videos. Thanks Abhishek.
@AbhishekVeeramalla To understand the topics you have taken the multiple approach to explain the details instead of repeating same things for your subcribers or whose is egar to learn it....❤❤❤
Thanks
completed the demo successfully... Thanks to you Abhi, i perfectly understand the OIDC Federation, managed identity and CSI concept.
😍
Implemented everything as is, everything worked great!! Thank you
You're welcome!
great video and thanks alot abhishek
Thanks for this demo Abhi
My pleasure 😊
Thank You ❤
Much appreciated sir❤❤❤
My pleasure
Thanks a lot for this video...🤩
Most welcome 😊
Yes Monitoring is most asked in interviews
Thank you so much
You're most welcome
Thank you so much for sharing this video. I have a question. Using the secretproviderclass, how can secret be injected for ingress to consume. Imagine my wildcard certificate and key is present In a path in Hashicorp vault. I tried to do this but since Ingres doesn’t mount volume it didn’t work. How can I achieve this? Thank you
This is absolutely top notch explanation from you Abhishek bhai 💗.😀. Can you please assist me how we can write the Docker service connection parameter post adding the key pair value in Azure secrets vault .
Thank you Anna❤
Thanks
thanks for the video bro. small doubt, you are using managed identity to have access between resources. but how can we use managed identity if they are in different subscriptions..does managed identity work in between resources in different subscriptions
One-man army:).. hopefully, one day I'll possess one-fourth of your knowledge
😍
How can we assign ssl certificate stored key valut to either port or AG ingress controller so applications can be securely accessed over internet?
Thanks sir 🥇🥇🥇🥇🥇🥇
😍😍😍
I completed all the steps and verified them in the console but at the final stage, the pod remained in the "container creating" state due to an RBAC issue. Due to time constraints, I was unable to troubleshoot this issue fully. but yes I gained a clear understanding of Azure Key Vault and how pods access external vault using managed identity through the CSI driver and the vault vendor provider running on k8s cluster as daemon sets.
😍😍😍
hello in the documentation git adjustament this line export KEYVAULT_SCOPE=$(az keyvault show --name $KEYVAULT_NAME -g $RESOURCE_GROUP --query id -o tsv) , this error is for -g $RESOURCE_GROUP no mapping.
Where the playlist can u provide link please
Clear explanation - But need practise on my end
Thanks
hi abhi, 41:18 for this, you might be --assignee first come then --role will later as per error message instructions, I am not sure may be it's work
May be yeah, I did not troubleshoot much as I was recording.
❤
Thanks
Hi Abhishek,
Please can you help us in the last part when creating the pod its going into container creating state. i have checked the permissions its given as how you gave.
I see other person in the chat also faced the same issue
PLEASE ABHISHEK!
Thanks.
Pavan
You should create key1 and secret1 in key vault. You might have not created them.
You can describe the pod to see what is the error, it should be the error mostly.
@@AbhishekVeeramalla I have created with different name for key and secret updated those names in the Storage Provider Class
When I do describe pods it says
Caller is not authorized to perform action on resource.
But I have double checked and given permissions as you gave
Like AWS secret manager to Eks integration can you make that video anna
Sure
Will it be the same step for integration azure AKS with azure app config using key vault reference?
You can follow the managed identity steps in the video
Thanks. @@AbhishekVeeramalla . I was able to do it.
Can we expect a video on aks workload identity implementation in this series ??
We implemented workload identity in this video
Hi annaya mito matladi anna Ela contact avvali
is this tutorial complete for azure bcs I want to star please reply 🙏
Explain about azure admin job in real time scenario.
Sure
Hashicorp Vault Integration Tutorial... We need
Its already available. Check the terraform playlist
I mean Integration with various tools like Jenkins, Docker, Kubernetes, Helm.
Thanks for u reply.. Ur effort and making videos on GitDevSecOps just... AMAZING
Please guide me through the order of watching your video listings .
DevOps Zero to hero
AWS / Azure Zero to Hero
Terraform Zero to Hero
Python for DevOps
@@AbhishekVeeramalla thanks
keyvault name needs to be unique , we cannot use your keyvalut name
Where are you executing those commands?? Is it CMD? Or other terminal im kinda confused please help
Please start with day 1 of devops zero to hero course. Btw I am using the mac in built terminal
In windows what can we use then? @@AbhishekVeeramalla
@@cbr250r_on_steroids9 you can use powershell, makesure azurecli is installed