Day-20 | Azure Key Vault Integration with AKS | Kubernetes Secret Store CSI Driver with Azure Vault

This video is Day-20 of Azure Zero to Hero (Free Azure Course including Azure DevOps). You can follow the link below to watch all the videos in this playlist.
• Azure Zero to Hero
Secrets Management on Azure with Secrets Store CSI Driver using Azure Vault Provider.
Secrets management is one of the critical tasks of a DevOps and Cloud Engineer. In this video, I demonstrate how to use Azure Key Vault as a centralized secrets management solution and how a DevOps engineer can configure an AKS cluster to implement secrets management using Key Vault.
This 1 hr hands-on tutorial covers how to:
- Install AKS with the required add-ons
- Set up the Secrets Store CSI Driver
- Set up the Azure Vault Provider for the SSCSI Driver
- Create a Secrets Provider Class
- Create a Managed Identity and implement federation using OIDC
- Configure the K8s Service Account accordingly
- Finally, create a Pod to verify that the Pod can access the secrets from the Azure Key Vault
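The last three steps of that list, written out as manifests. This is an added example, not taken from the video or its notes repository; it uses the standard Azure provider fields, `secret1` and `key1` are the object names mentioned in the comments further down, and every resource name and `<...>` value is a placeholder assumption.

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: workload-identity-sa          # hypothetical name
  namespace: default
  annotations:
    azure.workload.identity/client-id: "<IDENTITY_CLIENT_ID>"  # managed identity
---
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: azure-kv-wi                   # hypothetical name
spec:
  provider: azure
  parameters:
    usePodIdentity: "false"
    clientID: "<IDENTITY_CLIENT_ID>"  # same identity as on the service account
    keyvaultName: "<KEYVAULT_NAME>"   # vault names are globally unique
    tenantId: "<TENANT_ID>"
    objects: |
      array:
        - |
          objectName: secret1         # must already exist in the vault
          objectType: secret
        - |
          objectName: key1            # must already exist in the vault
          objectType: key
---
apiVersion: v1
kind: Pod
metadata:
  name: kv-mount-check                # hypothetical name
spec:
  serviceAccountName: workload-identity-sa
  containers:
    - name: busybox
      image: busybox:1.36
      command: ["sleep", "3600"]
      volumeMounts:
        - name: kv
          mountPath: /mnt/secrets-store
  volumes:
    - name: kv
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: azure-kv-wi
```

The federated credential on the managed identity has to name this exact service account as its subject (`system:serviceaccount:default:workload-identity-sa`), and the identity needs read access to both objects in the vault. If either is missing, the volume mount fails and the pod stays in ContainerCreating, with the reason shown by `kubectl describe pod`.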
Notes for the playlist - github.com/iam-veeramalla/Azu....
About me:
========
Instagram: / abhishekveeramalla_off...
Telegram Channel : t.me/abhishekveeramalla
LinkedIn: / abhishek-veeramalla
GitHub: github.com/iam-veeramalla
Medium: / abhishekveeramalla-av

Comments: 63

  • @letspasstime (1 month ago)

    Really great video. Keep making such detailed videos. Thanks Abhishek.

  • @234bellamkonda (1 month ago)

    Implemented everything as is, everything worked great!! Thank you

  • @AbhishekVeeramalla (reply, 1 month ago)

    You're welcome!

  • @hidass2006 (2 months ago)

    @AbhishekVeeramalla To understand the topics you have taken the multiple approach to explain the details instead of repeating same things for your subscribers or whoever is eager to learn it....❤❤❤

  • @AbhishekVeeramalla (reply, 2 months ago)

    Thanks

  • @wiz__obi (2 months ago)

    completed the demo successfully... Thanks to you Abhi, i perfectly understand the OIDC Federation, managed identity and CSI concept.

  • @AbhishekVeeramalla (reply, 2 months ago)

    😍

  • @wiz__obi (3 months ago)

    Thanks for this demo Abhi

  • @AbhishekVeeramalla (reply, 3 months ago)

    My pleasure 😊

  • @dummymail6029 (1 month ago)

    great video and thanks a lot abhishek

  • @elvinafukah6672 (3 months ago)

    Much appreciated sir❤❤❤

  • @AbhishekVeeramalla (reply, 3 months ago)

    My pleasure

  • @venkateshNoudy (3 months ago)

    Thanks a lot for this video...🤩

  • @AbhishekVeeramalla (reply, 3 months ago)

    Most welcome 😊

  • @shrishailpatil8619 (3 months ago)

    Thank you Anna❤

  • @AbhishekVeeramalla (reply, 3 months ago)

    Thanks

  • @reneshmlal2809 (1 month ago)

    Thank You ❤

  • @AutoRanger6397 (3 months ago)

    Yes Monitoring is most asked in interviews

  • @bhavatharinigowda2411 (3 months ago)

    Thank you so much

  • @AbhishekVeeramalla (reply, 3 months ago)

    You're most welcome

  • @DheemanDas (3 months ago)

    One-man army:).. hopefully, one day I'll possess one-fourth of your knowledge

  • @AbhishekVeeramalla (reply, 3 months ago)

    😍

  • @chipTuanDuc (3 months ago)

    Thanks sir 🥇🥇🥇🥇🥇🥇

  • @AbhishekVeeramalla (reply, 3 months ago)

    😍😍😍

  • @sureshg7124 (1 month ago)

    Clear explanation - But need practise on my end

  • @AbhishekVeeramalla (reply, 1 month ago)

    Thanks

  • @soumyadipchatterjee2267 (2 months ago)

    This is absolutely top notch explanation from you Abhishek bhai 💗.😀. Can you please assist me how we can write the Docker service connection parameter post adding the key pair value in Azure secrets vault .

  • @uggamk (3 months ago)

    thanks for the video bro. small doubt, you are using managed identity to have access between resources. but how can we use managed identity if they are in different subscriptions..does managed identity work in between resources in different subscriptions

  • @jitendramalan4068 (3 months ago)

  • @AbhishekVeeramalla (reply, 3 months ago)

    Thanks

  • @Sixwins (3 months ago)

    Thank you so much for sharing this video. I have a question. Using the secretproviderclass, how can secret be injected for ingress to consume. Imagine my wildcard certificate and key is present in a path in Hashicorp vault. I tried to do this but since Ingress doesn’t mount volume it didn’t work. How can I achieve this? Thank you

  • @Mr.Troubleshooter-fq1op (3 months ago)

    I completed all the steps and verified them in the console but at the final stage, the pod remained in the "container creating" state due to an RBAC issue. Due to time constraints, I was unable to troubleshoot this issue fully. but yes I gained a clear understanding of Azure Key Vault and how pods access external vault using managed identity through the CSI driver and the vault vendor provider running on k8s cluster as daemon sets.

  • @AbhishekVeeramalla (reply, 3 months ago)

    😍😍😍

  • @aneef01 (3 months ago)

    Where the playlist can u provide link please

  • @nanduchannel (3 months ago)

    hi abhi, 41:18 for this, you might be --assignee first come then --role will later as per error message instructions, I am not sure may be it's work

  • @AbhishekVeeramalla (reply, 3 months ago)

    May be yeah, I did not troubleshoot much as I was recording.

  • @manjithshaik6221 (3 months ago)

    Can we expect a video on aks workload identity implementation in this series ??

  • @AbhishekVeeramalla (reply, 3 months ago)

    We implemented workload identity in this video

  • @nageswararao3525 (3 months ago)

    Hashicorp Vault Integration Tutorial... We need

  • @AbhishekVeeramalla (reply, 3 months ago)

    It's already available. Check the terraform playlist

  • @nageswararao3525 (reply, 3 months ago)

    I mean Integration with various tools like Jenkins, Docker, Kubernetes, Helm.

  • @nageswararao3525 (reply, 3 months ago)

    Thanks for u reply.. Ur effort and making videos on GitDevSecOps just... AMAZING

  • @ThecookBoy (3 months ago)

    Like AWS secret manager to Eks integration can you make that video anna

  • @AbhishekVeeramalla (reply, 3 months ago)

    Sure

  • @maikolpelaez1229 (1 month ago)

    hello in the documentation git adjustment this line export KEYVAULT_SCOPE=$(az keyvault show --name $KEYVAULT_NAME -g $RESOURCE_GROUP --query id -o tsv) , this error is for -g $RESOURCE_GROUP no mapping.

  • @SreenivasNussum (3 months ago)

    Explain about azure admin job in real time scenario.

  • @AbhishekVeeramalla (reply, 3 months ago)

    Sure

  • @skmonjurulhaque6011 (3 months ago)

    Will it be the same step for integration azure AKS with azure app config using key vault reference?

  • @AbhishekVeeramalla (reply, 3 months ago)

    You can follow the managed identity steps in the video

  • @skmonjurulhaque6011 (reply, 3 months ago)

    Thanks. @AbhishekVeeramalla. I was able to do it.

  • @SPavanRaj (3 months ago)

    Hi Abhishek, Please can you help us in the last part when creating the pod its going into container creating state. i have checked the permissions its given as how you gave. I see other person in the chat also faced the same issue PLEASE ABHISHEK! Thanks. Pavan

  • @AbhishekVeeramalla (reply, 3 months ago)

    You should create key1 and secret1 in key vault. You might have not created them. You can describe the pod to see what is the error, it should be the error mostly.

  • @SPavanRaj (reply, 3 months ago)

    @AbhishekVeeramalla I have created with different name for key and secret, updated those names in the Storage Provider Class. When I do describe pods it says Caller is not authorized to perform action on resource. But I have double checked and given permissions as you gave

  • @user-qv6jj7wo5q (3 months ago)

    Hi brother, I want to talk to you. How can I contact you?

  • @phamcongtoan1399 (3 months ago)

    Please guide me through the order of watching your video listings .

  • @AbhishekVeeramalla (reply, 3 months ago)

    DevOps Zero to Hero, AWS / Azure Zero to Hero, Terraform Zero to Hero, Python for DevOps

  • @phamcongtoan1399 (reply, 3 months ago)

    @AbhishekVeeramalla thanks

  • @induchundi9347 (1 month ago)

    keyvault name needs to be unique, we cannot use your keyvault name

  • @cbr250r_on_steroids9 (2 months ago)

    Where are you executing those commands?? Is it CMD? Or other terminal im kinda confused please help

  • @AbhishekVeeramalla (reply, 2 months ago)

    Please start with day 1 of devops zero to hero course. Btw I am using the mac in built terminal

  • @cbr250r_on_steroids9 (reply, 2 months ago)

    In Windows what can we use then? @AbhishekVeeramalla

  • @Vinn.V (reply, 2 months ago)

    @cbr250r_on_steroids9 you can use PowerShell, make sure Azure CLI is installed
