Learn with GVR
Singapore
Joined 16 Dec 2021
Resolve the complexities of learning...
Easy, Simplified Learning of Containers, Kubernetes, Cloud, Security & Design concepts etc
Please Subscribe, Like & Comment
Connect with me on LinkedIn
Terraform Test Mocking - Terraform v1.7.0 - Mocking Framework for IaC, Explained with Demo
Chapters:
00:00 Introduction
00:06 Background
01:54 terraform test structure
02:40 test run block
03:05 run block assert
04:58 Purpose of Test Mocking
09:04 test mocking types
10:16 about mock_provider
12:32 mock_provider block syntax
13:49 about overrides
17:05 overrides block syntax
18:06 overrides block usage
19:04 test mocking structure
20:22 Demo of test mocking
official documentation:
developer.hashicorp.com/terraform/language/tests
developer.hashicorp.com/terraform/language/tests/mocking
GitHub repos:
github.com/learnwithgvr/terraform_test
github.com/learnwithgvr/terraform_test_mocking
Views: 353
Videos
Terraform Test - Terraform v1.6.0 - Native Test Framework for IaC, Explained with Demo
Views: 2.4K, 1 year ago
Terraform Test - Terraform v1.6.0 - Native Test Framework for IaC, Explained with Demo Chapters: 00:00 Introduction 00:51 Background 05:05 Purpose of terraform test 06:58 About terraform test 10:23 Terraform test run block 15:12 some important notes 17:53 terraform test Demo official documentation: developer.hashicorp.com/terraform/language/tests github repo: github.com/learnwithgvr/terraform_test
AWS KMS Key Management Service - Concepts Explained with Encryption Decryption Demo
Views: 8K, 1 year ago
AWS Key Management Service - Concepts Explained with Encryption Decryption Demo Chapters: 00:00 About KMS 00:36 Encryption Decryption 01:35 Where is Encryption 02:53 AWS KMS Encryption - Key Types 04:10 AWS KMS - Key Usage 05:13 AWS KMS Envelope Encryption 07:32 AWS KMS Decryption 08:30 AWS KMS Symmetric & Asymmetric 10:22 AWS KMS Key - Service Types 12:13 AWS KMS Alias 15:06 AWS KMS Key - Polic...
Kubernetes v1.26 - Traffic Engineering - Service EndpointSlices, External & Internal Traffic Policy
Views: 1.5K, 1 year ago
Kubernetes v1.26 - Traffic Engineering - Service EndpointSlices, External & Internal Traffic Policy Chapters: 00:00 Intro 00:13 Service IP 07:23 Endpoint vs EndpointSlices 09:46 Service EndpointSlices 13:03 Consumers of EndpointSlices 14:17 EndpointSlice Yaml 14:48 EndpointSlice conditions 17:19 Service ExternalTrafficPolicy 20:03 ExternalTrafficPolicy local 25:15 Kube proxy ProxyTerminatingEndpoi...
Mount External Vault Secret in Kubernetes Pod through CSI Volumes
Views: 1.6K, 1 year ago
Mount External Vault Secret in Kubernetes Pod through CSI Volumes Chapters: 00:00 Intro 00:51 Vault - Kubernetes use cases 03:00 v1.25 CSI Inline volumes with AWS Secrets Manager 04:16 Demo - Vault Secret in Pod through CSI Volumes Documentation: kubernetes.io/docs/concepts/scheduling-eviction/pod-scheduling-readiness/ K8S Cluster github: github.com/ramanagali/k8s-cluster Vault Server: github.com/r...
Kubernetes v1.26 - Pod Scheduling Readiness SchedulingGates - Alpha feature
Views: 674, 1 year ago
Kubernetes v1.26 - Alpha feature - Pod Scheduling Readiness SchedulingGates Chapters: 00:00 Intro 00:19 Kube Scheduler Node Assignment 03:03 Filtering and Scoring Behaviour 04:19 Scheduling Stage Extension Points 05:23 Scheduling Plugins 07:03 Pod Scheduling Readiness 09:01 Pod SchedulingGates 10:20 Pod SchedulingGates Yaml 10:48 Demo 1 Pod SchedulingGates Documentation: kubernetes.io/docs/conc...
Kubernetes v1.26 - Validating Admission Policy - Alpha Feature
Views: 507, 1 year ago
Kubernetes v1.26 - Alpha feature - Validating Admission Policy 00:00 Intro 00:18 How Admission Controllers work in K8S 01:53 Validating Admission Webhook 04:25 ValidatingAdmissionPolicy Architecture 06:35 ValidatingAdmissionPolicy YAML file 11:59 ValidatingAdmissionPolicy failure types 13:33 Common Expression Language (CEL) 18:06 difference Validating Admission Policy and webhook 20:07 Demo 1 ...
Kubernetes v1.26 - Container Runtime Interface (CRI) - API v1
Views: 1.6K, 1 year ago
Kubernetes v1.26 - Container Runtime Interface (CRI) - API v1 Chapters 00:00 Introduction 00:43 Kubeadm cluster provisioning 02:12 Before CRI 03:36 CRI Architecture - Implementers 05:05 CRI Architecture - Components 08:56 ContainerD 10:33 kubeadm kubelet flags 12:27 K8S ContainerD - CRI version 15:03 v1.26 CRI support to v1 Documentation: kubernetes.io/blog/2022/12/09/kubernetes-v1-26-release/ ...
Kubernetes v1.26 - Change in container image registry registry.k8s.io
Views: 1.5K, 1 year ago
Kubernetes v1.26: Electrifying - Change in container image registry registry.k8s.io Chapters: 00:00 About Topic 00:29 Kubernetes v1.25 changes 01:55 what's in v1.26 03:01 what is k8s.gcr.io 04:45 Why new registry.k8s.io 06:43 registry.k8s.io edge locations 08:38 Container Registry Service 10:54 Kubeadm & kubelet config Kubernetes v1.25 - Container registry service from k8s.gcr.io to registry.k8s...
Kubernetes Secret Data Encryption at Rest - v1.25 - KMS v2 alpha1 AWS KMS
Views: 2.2K, 2 years ago
Kubernetes Secret Data Encryption at Rest - v1.25 - KMS v2 alpha1 AWS KMS Chapters: 00:00 Introduction 00:14 Encryption, Decryption Symmetric Encryption 02:15 Envelope Encryption AWS KMS 05:17 KMS Decryption 06:19 Kubernetes Secrets API call - default nature 12:07 Encrypt Secret data at Rest 12:30 Kubernetes EncryptionConfiguration 14:53 Kubernetes EncryptionConfiguration Providers 15:47 Kubern...
Kubernetes Volume Plugins, Pod Volume Types - v1.25
Views: 886, 2 years ago
Kubernetes Volume Plugins, Pod Volume Types - v1.25 Chapters: 00:00 Introduction 00:06 CSI Driver 00:37 Secret as volume 00:51 CSI ephemeral volume 01:19 About kubernetes Volume plugins 03:27 Pod Volume Types 14:25 Deprecated Pod Volume Types YAML files github.com/ramanagali/yaml K8s Cluster github.com/ramanagali/k8s-cluster CKS playlist: ua-cam.com/play/PLFkEchqXDZx6Bw3B2NRVc499j1TavjOvm.html ...
Kubernetes v1.25 - CSI Inline Volumes - secrets-store.csi.k8s.io with AWS EKS secrets manager
Views: 2.8K, 2 years ago
Kubernetes v1.25 - CSI Inline Volumes - secrets-store.csi.k8s.io with AWS EKS secrets manager Chapters: 00:00 Introduction 00:36 CSI Driver 03:56 CSI Driver Purpose 05:47 Dynamic Provisioning 07:02 Volume,VolumeMount - HostPath-emptyDir 08:30 Secret Usage in Pod 09:58 CSI Driver Secret Store 13:15 Generic ephemeral volumes 16:28 CSI ephemeral inline volumes 22:23 CSI Driver image populator 24:0...
Kubernetes v1.25 - endPort in Network Policy
Views: 946, 2 years ago
Kubernetes v1.25 - endPort in Network Policy Chapters: 00:00 About Topic 00:36 NetworkPolicies 05:49 NetworkPolicy Yaml 10:23 NetworkPolicy IMP Notes 12:48 NetworkPolicy Examples 13:03 NetworkPolicy endPort Example 14:14 NetworkPolicy multiport endPort Demo YAML files github.com/ramanagali/yaml K8s Cluster github.com/ramanagali/k8s-cluster Docker Images: hub.docker.com/r/alekssaul/multiportingr...
Kubernetes v1.25 - Container registry service from k8s.gcr.io to registry.k8s.io
Views: 1.5K, 2 years ago
Kubernetes v1.25 - Moved Container registry service from k8s.gcr.io to registry.k8s.io Chapters: 00:00 About Topic 00:15 Kubernetes v1.25 new changes 01:00 Kubernetes v1.24.3 and 1.25 Container Registry changes 03:16 Container Registry Service 05:39 Kubeadm Config 07:53 k8s.gcr.io - k8s-artifacts-prod 09:32 Image Promoter 10:59 Why new registry.k8s.io 13:16 registry.k8s.io - OCI Proxy 17:21 reg...
Kubernetes - CNI, How Pod is created and gets IP address - pause container with containerd
Views: 5K, 2 years ago
Kubernetes - CNI, How Pod is created and gets IP address, Pause Container with containerd Chapters: 00:00 About topic 00:07 CRI 00:40 Kubernetes Networking Model 01:52 Container Network Interface - CNI 04:30 What CNI Does 05:58 Kubelet-CRI-CNI-Network flow 08:56 NodeIPAM podCIDR 16:57 Container Networking Single Node 18:28 Container Networking Multi Nodes 19:31 How POD gets IP 23:37 What is Pau...
ContainerD Debugging Client Tool CLI - CTR with demo
Views: 2K, 2 years ago
Hashicorp Vault - Auto-unseal using AWS KMS #12
Views: 2.8K, 2 years ago
Hashicorp Vault - Vault Audit Devices #11
Views: 1.7K, 2 years ago
Hashicorp Vault - Vault Agent, Caching, Entity Identity Group & Response Wrapping #10
Views: 1.5K, 2 years ago
Hashicorp Vault - Vault deployment architecture #9
Views: 1.3K, 2 years ago
Hashicorp Vault - Vault API - Authenticate & Access Vault secrets via Curl -#8
Views: 3K, 2 years ago
Hashicorp Vault - Transit Secrets Engine - Encryption as a Service - #7
Views: 3.1K, 2 years ago
Hashicorp Vault - Lease, purpose of a lease ID, Renew & Revoke leases with Dynamic Secrets - #6
Views: 1.7K, 2 years ago
Hashicorp Vault - Tokens, Types, Root, Accessors, Service vs batch tokens, Orphan Tokens & TTL - #5
Views: 2.2K, 2 years ago
Hashicorp Vault - Policies Creation, Syntax and Capabilities - #4
Views: 2.6K, 2 years ago
Hashicorp Vault - Human vs. system auth methods - AppRole Pull Authentication - #3
Views: 10K, 2 years ago
Hashicorp Vault - Secret Engines - #2
Views: 4.1K, 2 years ago
Hashicorp Vault - Authentication Methods - #1
Views: 14K, 2 years ago
Hashicorp Vault - Installation, Operator Seal, Unseal and Login process
Views: 7K, 2 years ago
Hashicorp Vault - What is Vault, Overview, Use Cases & Architecture Explained
Views: 17K, 2 years ago
Hi, How to map the policy Vault to the AWS IAM role?
In my channel there is a video on auto unseal using AWS KMS... Check this video if it helps... if not, let me know and I will help you
Thank you very much for this video, it helped a lot.
Glad to hear that it's helpful. Keep learning and subscribe and like
I didn't know pdb is not respected when pc is 0 ❤
Thanks a lot.
Thanks for watching Meetali, pls subscribe
@learnwithgvr this series is far far better than the paid training I am receiving these days from office.
Thank you kindly for your presentation. We are just implementing vault for storing and delivering secrets. This video is very useful.
Glad to hear that video is useful
Hi Bro, let me know the process of vault access from IAM Role. Can you please help me
There is documentation on vault IAM auth role, please go through and let me know if you have any questions support.hashicorp.com/hc/en-us/articles/19951252634387-How-to-Set-up-AWS-Auth-Method-Cross-Account-Access-with-Vault
@learnwithgvr thanks for the reply bro. I will get back to you if I get stuck anywhere
Sure
Are you deciding how to install Kubebench during the exam or do they tell you?
It's already installed, you just need to use it
Mind blowing tutorial 😊😊😊 I learned about kms . Thank you
Thanks a lot, keep learning
Thanks GVR, very informative and presented very well. Please will you also make videos on topics like Cilium, eBPF?
Sure will make detailed video on eBPF
This is a very good breakdown of Vault. Thank you
Thanks 👍
is this still applicable? According to latest changes this PSP has been replaced / updated with Pod Security Admissions.
In this Playlist Pod Security Admission is available
Your CKS series is like a web series. It's addicting. Also do you plan to update the series on latest changes? Starting tomorrow there is a change in exam pattern.
Not many changes ..but will do
Very much useful video, Brother i need some information on how can we setup opa policy for creating a minimum of two pods <how to restrict if the user is creating with single pod>
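Yes, possible. You need to set this up so that every deployment has a minimum of 2 pods. See the YAML below. Hope this helps.
---
# ConstraintTemplate: defines the MinimumPods constraint kind and its Rego rule
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
  name: minimumpods          # must be the lowercase form of the CRD kind
spec:
  crd:
    spec:
      names:
        kind: MinimumPods
      validation:
        openAPIV3Schema:
          type: object
          properties:
            minPods:
              type: integer
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package minimumpods

        violation[{"msg": msg}] {
          # spec.replicas defaults to 1 when it is omitted
          replicas := object.get(input.review.object.spec, "replicas", 1)
          replicas < input.parameters.minPods
          msg := sprintf("Deployment needs at least %v replicas, found %v", [input.parameters.minPods, replicas])
        }
---
# Constraint: applies the template to Deployments with minPods = 2
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: MinimumPods
metadata:
  name: enforce-minimum-pods
spec:
  match:
    kinds:
      - apiGroups: ["apps"]
        kinds: ["Deployment"]
  parameters:
    minPods: 2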
Excellent video. Thank you
Thank you Sandeep
how to clean up the OPA CRD Constraint template to get back cluster to initial state? Just want to get cluster at original state without OPA gatekeeper and constraints.
First find all using k api-resources, then remove all Constraints and ConstraintTemplates
Is OPA documentation allowed during exam?
Not allowed bro...see here list of sites allowed during exam docs.linuxfoundation.org/tc-docs/certification/certification-resources-allowed#certified-kubernetes-administrator-cka-and-certified-kubernetes-application-developer-ckad-and-certified-kubernetes-security-specialist-cks
Very helpful and informative session. Keep on posting this kind of session.
Thank you
Do we have kube-bench for rke cluster ?
Sorry, seen late. Pls refer to the kubebench GitHub repo or use the YAML file installation to scan
great job brother ! such a gem
Thanks Bro
Very nice demo. Thank you!
Also, could i know what terminal software you use? is it iterm2, or warp?
it's iterm2
One question: is it possible to apply a psp to the default service account? since i think it may be more important for a pod is run under the default sa if no specific service account is specified.
Yes, we can apply it and it's highly recommended for enhanced security. By applying PSS to the default service account, you can significantly improve the security posture of your Kubernetes cluster and protect your applications and data from unauthorized access and potential vulnerabilities.
It's 💎. Thanks a lot
Thanks Bro
is this still a valid series for CKS in 2024? i am planning to give next month.
CKS new curriculum is applicable from Sept 12 onwards...so better plan before that. If not no issue there is slight change
Do you need a thumbnail designer?
Share your email
what if I have ten nodes then the job will create the pod in any node, and it will provide information about that node only right? what about the rest nodes?
Yes. While installing Kubebench on every node can provide granular insights into the security posture of each individual node, it's not always necessary or practical.
Pros: it provides a detailed security assessment of every node; it can detect, identify and resolve security issues of the nodes.
Cons: kube bench will consume resources; managing and monitoring kube bench is time consuming; collecting security data from every node can generate a large volume of information that may be difficult to analyze.
If it is a small cluster, it's feasible to have kube bench on the nodes. If your organization requires security assessment completely on all the nodes then go for it. Deploying Kubebench on a dedicated node or a management cluster to scan all nodes periodically is the better approach.
Hope this helps. Thanks for asking this question.
Thanks
Cheers
Awesome detailed explanation
Thank you
Sir, please do the additional topics added for CKS Kubernetes - new changes from Sep 12
Sir, please do the additional topics added for CKS Kubernetes - new changes from Sep 12.
thanks for suggestion. sure will do.
Please do the new CKS topics which are going to be added from Sep 12 for the upcoming CKS exam.
thanks for your input. sure will do soon
Excellent video, thanks for the info!
Thank you
Sir, you give the best explanation, thank you for uploading 🙏 Please upload interview questions for AWS
Thank you Ravi Prakash. Sure, will try to create videos on AWS interview questions
u are a great teacher.
Thank you
Excellent explanation with all your expertise, Dear GVR. I'm sure this content of yours will stay at the top among all for many more years. Thank you for making it easy to understand.
My pleasure, keep learning
Thanks for your video; it's useful. One piece of advice: It looks like you have a good microphone but no pop filter, or it's positioned incorrectly. There are intense plosive sounds. When you try to fix it, your sound will be much better than now!
thanks for suggestion, cheers
IS THIS THE COMPLETE TRAINING PLAYLIST ON KUBERNETES SECURITY ?
yes pls check my playlists in the channel
Great videos. Thanks for the content. I like the way your terminal shows color. How did you configure it this way? Is it any plugin or any other terminal?
Thanks bro for the feedback. It's iTerm2 terminal for Mac. Applied autosuggestion, syntax highlight and kubecolor on top it for kubectl colours
You should do an additional video to explain what has changed for the CKS. This content is amazing!
Great suggestion!, will do soon, thank you
Nice video. What's the name of your mic?
Thanks, it's Audio-Technica ATR2100x-USB Cardioid Dynamic USB XLR Microphone
@learnwithgvr Thank you
❤❤
thank you
Thxs! good video!
thank you
Hello, thank u, but can u tell me why with the new user it only shows the default namespace, not all of them? Can someone help?
If you do not specify, it will consider the default namespace. If you want any specific namespace you can update your kubeconfig desired context namespace
excellent explanation
thanks a lot
Nice video and informative. Please reduce filler words. Repetitively using basically word. Sometimes it’s kind of annoying
Thanks for the feedback, it was first video and listen 1.5x speed for better reach
very good demo.
Thank you for feedback
Thank you for the video and for answering the multi-region question below. Thumbs-up!. A few suggestions: 1. Point the viewers to the fact when auto unseal is configured Vault generates "Recovery" keys, and NOT "Unseal" keys 2. Explain how the auto unseal works - at startup Vault will connect to the device or service implementing the seal and ask it to decrypt the root key Vault read from storage.
Thank you George