@kodeKloud, How can we use secrets from secret manager into our on-premise kubernetes cluster which is setup using kubeadm?? We want to use Secret store CSI Driver to inject secret into pod from secret manager. I have find a lot but not getting anything, please help.
@kodeKloud , I'm wondering, How is it safe when the password is saved in plain text inside the pod. Anyone with read access , who can read the k8s secret can also read the pod's volume. Correct me if I'm wrong.
The pod has to have the credentials / authorization in order to connect to other services, a DB for an instance. So, if you have access to the pod which connects to a DB, you have access to the DB, with the same privileges given to the pod.
I have done as it is it worked 🎉, but I have try with multiple node group in same cluster like node-dev and node-qa, with different secret manager but iam not able to access in one node, in node-dev group instance are running.. but in node-qa group instance are not running.. with same configuration ( I have cross check twice) Check with secret store log that are not mounted, it's not able to retrieve secret from Secret manager error like "Failed to fetch secret from all regions"
Great information, looks like with this implementation it won't be possible to use the secrets as env variables, instead I will need to indicate my app to fetch the secrets from a file, and monitor when the secret's value changes, correct?
Thank you so much for making this, its been really helpful, also just to add to anyone wondering, if ur creating ur application in a seperate namespace make sure u create the service account in that particular namespace too and not in defualt namespace.
I think you should re-read the documentation. I'm pretty sure once a sealed-secret is applied to a cluster, it's stored as a regular k8s secret that's base64 encoded. Sealed-secrets is just for securely storing the secret in a git repo.
That was one fantastic demo, many thanks.
Looked at many videos to understand AWS Secrets, CSI drivers and Storage Class. This is the Best tutorial on this topic I had found till date.
@kodeKloud, How can we use secrets from secret manager into our on-premise kubernetes cluster which is setup using kubeadm?? We want to use Secret store CSI Driver to inject secret into pod from secret manager. I have find a lot but not getting anything, please help.
@kodeKloud , I'm wondering, How is it safe when the password is saved in plain text inside the pod. Anyone with read access , who can read the k8s secret can also read the pod's volume. Correct me if I'm wrong.
The pod has to have the credentials / authorization in order to connect to other services, a DB for an instance.
So, if you have access to the pod which connects to a DB, you have access to the DB, with the same privileges given to the pod.
link for all yaml files
Perfect. Kudos sir!
What a great demo and some troubleshooting
My fav is Hashicorp vault!
I have done as it is it worked 🎉, but I have try with multiple node group in same cluster like node-dev and node-qa, with different secret manager but iam not able to access in one node, in node-dev group instance are running.. but in node-qa group instance are not running.. with same configuration ( I have cross check twice)
Check with secret store log that are not mounted, it's not able to retrieve secret from Secret manager error like "Failed to fetch secret from all regions"
This is great demo.. I have a question. Is there any way to create configMap instead of secret..
yes good question , Curenntly agrocd supports with restarts pods .
Excellent Excellent Excellent.....simply excellent....thanks a lot Sir.....
Is there any way to inject secret value as env variable inside the pod without creating kubernetes secrets??
Great information, looks like with this implementation it won't be possible to use the secrets as env variables, instead I will need to indicate my app to fetch the secrets from a file, and monitor when the secret's value changes, correct?
Thank you so much for making this, its been really helpful, also just to add to anyone wondering, if ur creating ur application in a seperate namespace make sure u create the service account in that particular namespace too and not in defualt namespace.
Helpful video. Saved my day
this video is a high quality stuff, thanks a lot, great !
Excellent video!!!
Nice video!!! Thanks Sanjeev
sealed secret is my favorite since the secret is never stored in plain text on a file system.
I think you should re-read the documentation. I'm pretty sure once a sealed-secret is applied to a cluster, it's stored as a regular k8s secret that's base64 encoded. Sealed-secrets is just for securely storing the secret in a git repo.
Hi you'r video looks great
can you please explain how can i use the value in the pod env section ?
Thank you
Maybe it would be only possible set a secret from the mounted file as an env variable within pod's container(s).
This is one of the reasons to sync as a kubernetes secret.
who are you? you're not even a real person, it's like you created an AI instead of hiring someone to make this video.
haha.. 😄he is co-tutor of kodeCloud and he works with Mumshad Mannambeth
Great....
So helpfull
Thank you!
Nice one !
We are glad that you have enjoyed your learning experience with us : )