@AbhishekVeeramalla To understand the topics you have taken the multiple approach to explain the details instead of repeating same things for your subcribers or whose is egar to learn it....❤❤❤
This is absolutely top notch explanation from you Abhishek bhai 💗.😀. Can you please assist me how we can write the Docker service connection parameter post adding the key pair value in Azure secrets vault .
I completed all the steps and verified them in the console but at the final stage, the pod remained in the "container creating" state due to an RBAC issue. Due to time constraints, I was unable to troubleshoot this issue fully. but yes I gained a clear understanding of Azure Key Vault and how pods access external vault using managed identity through the CSI driver and the vault vendor provider running on k8s cluster as daemon sets.
thanks for the video bro. small doubt, you are using managed identity to have access between resources. but how can we use managed identity if they are in different subscriptions..does managed identity work in between resources in different subscriptions
Hello @Abhishek. Can we create the system managed identity and associate it with virtual machine scale set and create a secret storage provider class and mount that secret to the pod . Can we do this way ! If yes, Which is more feasible way. I request you to please through some light on this topic as well and request you to pelase create a video where if you can explain what are the different way to integrate AKS with any Azure Services and what is suitable in what scneario as this would definitely help lot of people to understnd when to use system mg identity, when to use user assigned mg identity and when to use Service Principal. If you can clear out this in any video then this would be of great use to everyone and the community as well.
hello in the documentation git adjustament this line export KEYVAULT_SCOPE=$(az keyvault show --name $KEYVAULT_NAME -g $RESOURCE_GROUP --query id -o tsv) , this error is for -g $RESOURCE_GROUP no mapping.
Hi Abhishek, Please can you help us in the last part when creating the pod its going into container creating state. i have checked the permissions its given as how you gave. I see other person in the chat also faced the same issue PLEASE ABHISHEK! Thanks. Pavan
You should create key1 and secret1 in key vault. You might have not created them. You can describe the pod to see what is the error, it should be the error mostly.
@@AbhishekVeeramalla I have created with different name for key and secret updated those names in the Storage Provider Class When I do describe pods it says Caller is not authorized to perform action on resource. But I have double checked and given permissions as you gave
Thank you so much for sharing this video. I have a question. Using the secretproviderclass, how can secret be injected for ingress to consume. Imagine my wildcard certificate and key is present In a path in Hashicorp vault. I tried to do this but since Ingres doesn’t mount volume it didn’t work. How can I achieve this? Thank you
when i ran the cmd: "az aks create --name keyvault-demo-cluster -g keyvault-demo --node-count 1 --enable-addons azure-keyvault-secrets-provider --enable-oidc-issuer --enable-workload-identity"; getting error:incorrect padding when creating aks cluster....anyone help ?
completed the demo successfully... Thanks to you Abhi, i perfectly understand the OIDC Federation, managed identity and CSI concept.
😍
@AbhishekVeeramalla To understand the topics you have taken the multiple approach to explain the details instead of repeating same things for your subcribers or whose is egar to learn it....❤❤❤
Thanks
Implemented everything as is, everything worked great!! Thank you
You're welcome!
Really great video. Keep making such detailed videos. Thanks Abhishek.
Yes Monitoring is most asked in interviews
Thanks for this demo Abhi
My pleasure 😊
Clear explanation - But need practise on my end
Thanks
One-man army:).. hopefully, one day I'll possess one-fourth of your knowledge
😍
Hi Abhishek, perfectly understand. If we uses csi driver to fetch secrets, do we really need to restart pod if secret renews?
This is absolutely top notch explanation from you Abhishek bhai 💗.😀. Can you please assist me how we can write the Docker service connection parameter post adding the key pair value in Azure secrets vault .
I completed all the steps and verified them in the console but at the final stage, the pod remained in the "container creating" state due to an RBAC issue. Due to time constraints, I was unable to troubleshoot this issue fully. but yes I gained a clear understanding of Azure Key Vault and how pods access external vault using managed identity through the CSI driver and the vault vendor provider running on k8s cluster as daemon sets.
😍😍😍
great video and thanks alot abhishek
Thanks, how do people use the mounted secrets as environment variables for any app inside pod. Recommended way.
thanks for the video bro. small doubt, you are using managed identity to have access between resources. but how can we use managed identity if they are in different subscriptions..does managed identity work in between resources in different subscriptions
Hello @Abhishek. Can we create the system managed identity and associate it with virtual machine scale set and create a secret storage provider class and mount that secret to the pod . Can we do this way ! If yes, Which is more feasible way.
I request you to please through some light on this topic as well and request you to pelase create a video where if you can explain what are the different way to integrate AKS with any Azure Services and what is suitable in what scneario as this would definitely help lot of people to understnd when to use system mg identity, when to use user assigned mg identity and when to use Service Principal.
If you can clear out this in any video then this would be of great use to everyone and the community as well.
Much appreciated sir❤❤❤
My pleasure
after running the list cmd. I'm unable to see two files with key1 and secret1 name the output is showing no such directory found
How can we assign ssl certificate stored key valut to either port or AG ingress controller so applications can be securely accessed over internet?
Please explain SPN concepts
Thanks a lot for this video...🤩
Most welcome 😊
Can we expect a video on aks workload identity implementation in this series ??
We implemented workload identity in this video
Thank you Anna❤
Thanks
hello in the documentation git adjustament this line export KEYVAULT_SCOPE=$(az keyvault show --name $KEYVAULT_NAME -g $RESOURCE_GROUP --query id -o tsv) , this error is for -g $RESOURCE_GROUP no mapping.
Hi Abhishek,
Please can you help us in the last part when creating the pod its going into container creating state. i have checked the permissions its given as how you gave.
I see other person in the chat also faced the same issue
PLEASE ABHISHEK!
Thanks.
Pavan
You should create key1 and secret1 in key vault. You might have not created them.
You can describe the pod to see what is the error, it should be the error mostly.
@@AbhishekVeeramalla I have created with different name for key and secret updated those names in the Storage Provider Class
When I do describe pods it says
Caller is not authorized to perform action on resource.
But I have double checked and given permissions as you gave
Hashicorp Vault Integration Tutorial... We need
Its already available. Check the terraform playlist
I mean Integration with various tools like Jenkins, Docker, Kubernetes, Helm.
Thanks for u reply.. Ur effort and making videos on GitDevSecOps just... AMAZING
Thank you so much for sharing this video. I have a question. Using the secretproviderclass, how can secret be injected for ingress to consume. Imagine my wildcard certificate and key is present In a path in Hashicorp vault. I tried to do this but since Ingres doesn’t mount volume it didn’t work. How can I achieve this? Thank you
hi abhi, 41:18 for this, you might be --assignee first come then --role will later as per error message instructions, I am not sure may be it's work
May be yeah, I did not troubleshoot much as I was recording.
No .. there was extra space at end @abhishek
Thanks
Where are you executing those commands?? Is it CMD? Or other terminal im kinda confused please help
Please start with day 1 of devops zero to hero course. Btw I am using the mac in built terminal
In windows what can we use then? @@AbhishekVeeramalla
@@The_boogie_tales you can use powershell, makesure azurecli is installed
Will it be the same step for integration azure AKS with azure app config using key vault reference?
You can follow the managed identity steps in the video
Thanks. @@AbhishekVeeramalla . I was able to do it.
when i ran the cmd: "az aks create --name keyvault-demo-cluster -g keyvault-demo --node-count 1 --enable-addons azure-keyvault-secrets-provider --enable-oidc-issuer --enable-workload-identity"; getting error:incorrect padding when creating aks cluster....anyone help ?
Like AWS secret manager to Eks integration can you make that video anna
Sure
Thank You ❤
Thank you so much
You're most welcome
Explain about azure admin job in real time scenario.
Sure
Where the playlist can u provide link please
is this tutorial complete for azure bcs I want to star please reply 🙏
Thanks sir 🥇🥇🥇🥇🥇🥇
😍😍😍
❤
Thanks
Please guide me through the order of watching your video listings .
DevOps Zero to hero
AWS / Azure Zero to Hero
Terraform Zero to Hero
Python for DevOps
@@AbhishekVeeramalla thanks
Hi annaya mito matladi anna Ela contact avvali
keyvault name needs to be unique , we cannot use your keyvalut name