Introduction to HashiCorp Vault on Kubernetes for beginners
- Published: 31 Jul 2024
- Subscribe to show your support! goo.gl/1Ty1Q2 .
Patreon 👉🏽 / marceldempers
Excited for this one! In this video we cover all the basics around HashiCorp Vault.
More specifically:
* Vault concepts
* Modes
* Storage
* Deployment on Kubernetes
* Sealing and Unsealing
* Encryption Algorithm and more
Stay tuned as this is part one of a new secret management series.
Also if you want to support the channel further, become a member 😎
marceldempers.dev/join
Check out "That DevOps Community" too
marceldempers.dev/community
Follow along with the source code below:
github.com/marcel-dempers/doc...
If you are new to Docker, check out my Docker development guide:
• Docker development gui...
Also, if you're new to Kubernetes, check out my guides below:
Check out part 1 for how to install Kubernetes on Windows:
• Kubernetes Getting Sta...
Check out part 2 of how to use KUBECTL:
• Kubectl basics for beg...
Check out part 3 of how to do deployments
• Kubernetes Deployments...
Check out part 4 of how to manage application configurations
• Configuration manageme...
Check out part 5 of secret management explained
• Kubernetes Secret Mana...
Like and Subscribe for more :)
Follow me on socials!
Patreon | / marceldempers
Twitter | / marceldempers
GitHub | github.com/marcel-dempers
Facebook | thatdevopsguy
LinkedIn | / marceldempers
Instagram | / thatdevopsguy
Music:
Track: Fox Beat 2 - Kronicle - Chill Noons - Royalty Free Vlog Music [BUY=FREE] | is licensed under a Creative Commons Attribution licence (creativecommons.org/licenses/...)
Listen: / kronicle-chill-noons-r...
Track: Jacks - Who I am | is licensed under a Creative Commons Attribution licence (creativecommons.org/licenses/...)
Listen: / who-i-am-1
Track: Neverknew - SMOKIN' MOONROCKS | is licensed under a Creative Commons Attribution licence (creativecommons.org/licenses/...)
Listen: / smokin-moonrocks
Track: Chebit - S t i l l H u s t l i n g w/ Mylos | is licensed under a Creative Commons Attribution licence (creativecommons.org/licenses/...)
Listen: / s-t-i-l-l-h-u-s-t-l-i-...
Track: Fox Beat 2 - Joakim Karud - Summer Vibes - Royalty Free Vlog Music [BUY=FREE] | is licensed under a Creative Commons Attribution licence (creativecommons.org/licenses/...)
Listen: / joakim-karud-summer-vi...
The only person who could explain the concepts and how Vault works in one go!
Absolutely fantastic video. I love that you've started with this demo to explain it, then gone into more details in part 2.
Thank you for making these videos. Really helpful and appreciate the level of details in your explanations.
The fact you explain this stuff without using the insane amount of buzzwords and cryptic terminology that other guides use is phenomenal. Great work!
I've been watching lots of videos on this HashiCorp Vault but only here I found answers to all my questions regarding vault.
Thanks for the video mate!
Absolutely love your style, the speed, how deeply you get into everything. Thank you so much, Marcel. Would be awesome if you could put together an entire HashiStack series. Nomad, Consul, and Boundary, especially. More ops and less dev but how these three work together with Vault is needed for setting up the environment for any dev. What do you think?
First time here and really loved the explanation and the depth of it! Thanks for the video, and I will surely watch the rest of them on your channel! Thumbs up!
Great work @Marcel ...eagerly waiting for the next video on HA & how secrets gonna be used btw vault and the pods along with best practices.
Great way of explaining things. Agree, your lecture is compact, easy to understand and relevant indeed!
Super simple and clear tutorials. Thank you so much!
Mate your videos are amazing! Great editing, great music taste and super informative, subbed bro keep going!
I'm glad you enjoyed it, thanks for the support ❤
Awesome content always, I must confess one thing honestly: I never get tired of watching your videos, I could stay glued for hours, you shared tons and tons of quality contents always, thank you so much for being there for guys. By the way can you upload a video on terraform infrastructure as code IAC, I have searched, I didn't see anyone by you
Fantastic Series , Kudos for all your knowledge sharing and efforts here !
Thank you so much for these! They really help alongside the official documentation :)
Yea this is great. Super clear and crisp delivery without rabbit-holing at all. I'm sure you're a great public speaker!
Thanks for the kind words, I'm glad you enjoyed it :)
Wonderful knowledge sharing session ... Love it !!!
Very impressive. Thanks for your contribution
Great job and good explanations. thanks !!
Quite informative tutorial. Hope to see such content more in future. Thanks a lot
Really good and helpful video . Thanks
thank you for the video, it's a very good starting point
absolutely worth watching.
Nice explanation. waiting for HA version.
Also, if possible share the difference between using etcd clusters vs consul. Thanks
Thank you this very good so far
Just best. Like always 👍
Thank you very much! ❤
Love your videos dude! Also a fellow software developer from South Africa
Thank you very much! And greetings over there 😃💪🏽
I'm really sad that I can't give more than one thumbs up :) really great video, thank you
nice video!
Please make a tutorial on JFrog running on Kubernetes(Installation & Configuration), using it as an artifactory
Waou Amazing video
Great Video!!! First timer. Was wondering if you could make a video explaining how to deploy Vault on k8s gcloud cluster using an Operator : )
You Rock!!
thank you
Coolest !! :)
Awesome ! Thank you
Marcel this is pure gold!
amazing video ❤️
Thank you for your videos. I have a problem with vault being initialized already on installation. I think this is because I have previously installed (using terraform's helm provider), initialized and unsealed it on my GKE cluster to test out but removed (using terraform) it after some trials. How do I uninitialize vault in this case to restart again? Thank you for your time!
Your videos are killer
I am wondering where I can see the video of setting up vault, cert-manager for kubernetes to auto renewal of certificates, would be awesome if you can share your experience
Great video
Hey Hai
Can we do auto unseal process within vault yaml files, can you please let me know if there is process.
nice video
@marcel inject vault secrets to my pods in path /vault/secrets/mysql/, how am i supposed to use that secrets in my java application, thanks
GREAT!!👏👏
I try to use it on Azure, but I didn't find how to expose the app correctly..
Awesome! thank you for explaining this... I am in also on the fence between is vault "really" solving\facilitate secret management OR just overly complex...
Secret management is generally complex, especially when financial audits are involved and access to the secrets can only be authorised by more than two parties. This is generally where vaults come in. Simpler solutions exist, but they are mainly around focusing on secret hygiene, for example protecting secrets with RBAC so they cannot be retrieved once created, prevent exec into containers, limit who can create secrets.. etc
thanks a lot!!
I have a question, that /vault/secrets/ directory is world readable... Isn't that a bit "not secure" ?
I have a small doubt. Why do you provide the vault pod with a service account. It doesn't need access to any of the cluster resources right?
yet again i check out k8s obelix videos to gain better devops skills
Considering a scenario where we have a pod running with some backend application connected with AWS RDS database using vault due to high traffic these pods and nodes needs to scale and communicate with the database pretty frequently so as the vault creates temporary credentials isn't it consuming the disk usage by creating users and more connections happening with RDS. (Just got this question into my head). Hoping for a reply with solution.
Thank you .
Love your content
Thanks for the kind words 🙏🏼
Secret rotation should have zero impact to application performance.
You should tune your database client to handle connections efficiently and can establish new connections when a new secret comes along.
This should not create disk IO unless the application is written incorrectly
@MarcelDempers Got it thank you.....have a small question If Pods are created with Front end app (Nodejs) and backend (mYsql) with EBS scaling is easy using Cluster and Pod scaling ....... But here how to app pods has communication with other MySQL pods from other nodes to have consistent data ? How does these MySQL EBS pods distribute all its data across the app pods?
@Marcel I have a kind suggestion can you please made a Azure Tutorials please I always enjoy your Video.
Or store the Seal Keys in a proper KMS System from a Cryptovendor ;-)
Seems that the certificate is expired. $ vault operator init
Error initializing: Put 127.0.0.1:8200/v1/sys/init: x509: certificate has expired or is not yet valid
I bypassed this by adding this "- name: VAULT_SKIP_VERIFY value: "true" after line 94 on the file "server-statefulset.yaml". Now what is pending is how to upgrade with a valid certificate.
You should kill the root token ASAP because it doesn't have any logging. I mean... You can't do any meaningful activity tracking.
Appreciate the effort but bro take a step back, don't just talk into my face with words, visualize it for me from the start... i'm trying to learn this and I don't know what you're saying.
I received this error: Error initializing: Put 127.0.0.1:8200/v1/sys/init: x509: certificate has expired or is not yet valid. Can you please provide a solution?
Get error as soon as I do vault operator init:
Get "127.0.0.1:8200/v1/sys/seal-status": x509: certificate has expired or is not yet valid: current time 2022-11-27T09:07:18Z is after 2021-03-02T22:46:00Z
you'll need to generate a new cert as shown in the guide
@MarcelDempers Vault 2022 video worked for me.