Secret Store CSI Driver Tutorial | Kubernetes Secrets | AWS Secrets Manager

Secret Store CSI Driver Tutorial | Kubernetes Secrets | AWS Secrets Manager | KodeKloud

Рет қаралды 28,305

Күн бұрын

Пікірлер: 33

@ChiruMegs 6 ай бұрын

Looked at many videos to understand AWS Secrets, CSI drivers and Storage Class. This is the Best tutorial on this topic I had found till date.

@nforlife 7 ай бұрын

What a great demo and some troubleshooting My fav is Hashicorp vault!

@rishisharath6668 4 ай бұрын

Thank you so much for making this, its been really helpful, also just to add to anyone wondering, if ur creating ur application in a seperate namespace make sure u create the service account in that particular namespace too and not in defualt namespace.

@arunshankar1987 7 ай бұрын

Helpful video. Saved my day

@erodotosdemetriou6506 Ай бұрын

Perfect. Kudos sir!

@KodeKloud 16 күн бұрын

Thank you kindly!

@omega1962 6 ай бұрын

Excellent Excellent Excellent.....simply excellent....thanks a lot Sir.....

@vladimirsiman8838 2 ай бұрын

this video is a high quality stuff, thanks a lot, great !

@subithalsubbaiah7004 6 ай бұрын

@kodeKloud , I'm wondering, How is it safe when the password is saved in plain text inside the pod. Anyone with read access , who can read the k8s secret can also read the pod's volume. Correct me if I'm wrong.

@ofirfr4804 4 ай бұрын

The pod has to have the credentials / authorization in order to connect to other services, a DB for an instance. So, if you have access to the pod which connects to a DB, you have access to the DB, with the same privileges given to the pod.

@HadiAl-Atally 4 ай бұрын

That was one fantastic demo, many thanks.

@CarlosMarin-lp9xe Ай бұрын

Excellent video!!!

@sonubhagat6372 23 күн бұрын

Is that anyways to configure webhook so that whenever something changed to secret manager it should notify to csi

@fabrizzio_aranda 6 ай бұрын

Great information, looks like with this implementation it won't be possible to use the secrets as env variables, instead I will need to indicate my app to fetch the secrets from a file, and monitor when the secret's value changes, correct?

@pradippipaliya9675 Ай бұрын

@kodeKloud, How can we use secrets from secret manager into our on-premise kubernetes cluster which is setup using kubeadm?? We want to use Secret store CSI Driver to inject secret into pod from secret manager. I have find a lot but not getting anything, please help.

@wenjieyang2226 6 ай бұрын

Nice video!!! Thanks Sanjeev

@rajenderprasad1193 4 ай бұрын

This is great demo.. I have a question. Is there any way to create configMap instead of secret..

@sagarhm2237 4 ай бұрын

yes good question , Curenntly agrocd supports with restarts pods .

@manuv2u 2 ай бұрын

I have done as it is it worked 🎉, but I have try with multiple node group in same cluster like node-dev and node-qa, with different secret manager but iam not able to access in one node, in node-dev group instance are running.. but in node-qa group instance are not running.. with same configuration ( I have cross check twice) Check with secret store log that are not mounted, it's not able to retrieve secret from Secret manager error like "Failed to fetch secret from all regions"

@ferhatcan5262 7 ай бұрын

So helpfull

@KodeKloud 7 ай бұрын

Thank you!

@pradippipaliya9675 4 ай бұрын

Is there any way to inject secret value as env variable inside the pod without creating kubernetes secrets??

@Tester-f6j 7 ай бұрын

Hi you'r video looks great can you please explain how can i use the value in the pod env section ? Thank you

@SoulJah876 7 ай бұрын

Maybe it would be only possible set a secret from the mounted file as an env variable within pod's container(s).

@chrisbecke2793 6 ай бұрын

This is one of the reasons to sync as a kubernetes secret.

@dsosys 7 ай бұрын

Great....

@tonyc2227 3 ай бұрын

sealed secret is my favorite since the secret is never stored in plain text on a file system.

@TheRealZauriel 3 ай бұрын

I think you should re-read the documentation. I'm pretty sure once a sealed-secret is applied to a cluster, it's stored as a regular k8s secret that's base64 encoded. Sealed-secrets is just for securely storing the secret in a git repo.