Summary
AppsCode held a webinar on “Manage HashiCorp Vault in Kubernetes Native Way Using KubeVault”. This took place on 12th August 2021. The contents of what took place at the webinar are shown below:
- What is a secret?
- Managing secrets in Kubernetes.
- Consuming external secrets in Kubernetes
- Managing Vault in Kubernetes (Kubernetes native way)
- Operator over Helm charts
- KubeVault Introduction & Features
- Demo
- Deploy VaultServer using KubeVault Operator
- Enable & Configure Database SecretEngine
- Mount Dynamically generated credentials in a Pod using CSI Driver
- High Availability & Disaster Recovery
- Q & A Session
Description of the Webinar
The webinar starts with describing how to manage secrets in Kubernetes and the lackings that Kubernetes has in doing so. Then, it is described why operators are preferred over Helm/YAML. After that, the description of what KubeVault is and its features are shown. The features are:
- Auto Initialization & Unsealing of Vault
- Dynamic Phase Reflections
- Accidental Deletion Prevention
- Vault Policy Control
- Multiple Authentication Method (TLS, Userpass, Token etc.)
- Multiple Storage Backends Support
- Multiple Secret Engines Support
After showing the different features of KubeVault the demo
portion of the webinar started. In the demo, at first, it was shown how to install KubeVault, Secrets Store CSI Driver and Vault Specific CSI Provider
. An Elasticsearch database
using KubeDB
operator by AppsCode was used.
After that, it was shown how VaultServer
can be deployed using Raft Storage Backend
. GCP bucket
was used to store the Vault root-token & the unseal-keys
. Besides this, Enabling & Configuring SecretEngine using KubeVault was shown. Finally, in the demo, it was shown how to generate Dynamic Elasticsearch credentials & Mounted them in a Pod using Secrets Store CSI drive. During the Demo, different CRD of KubeVault were also discussed.
At the last part of the demo, different scenarios to show the High Availability & Disaster Recovery
capability of KubeVault were simulated. Finally, the Q&A session
was held and the webinar was finished. All in all, it was an effective webinar which showed the importance and contribution of KubeVault and how we can use it effectively.
Take a deep dive into the full webinar below:
What Next?
Please try the latest release and give us your valuable feedback.
If you want to install KubeVault, please follow the installation instruction from here .
Step by step guide & the manifest files used in the demo can be found here .
If you want to upgrade KubeVault from a previous version, please follow the upgrade instruction from here .
Support
To speak with us, please leave a message on our website .
To receive product announcements, follow us on Twitter .
If you have found a bug with KubeVault or want to request new features, please file an issue .