Securing your app's communications with Kubernetes, Azure Key Vault, and TLS certificates

@theEugeneRomero

Get the slides: https://damn.engineer/slides

WHO AM I?

Senior Cloud and DevOps Engineer @ Capgemini


15+ years in infrastructure and software development


Restoring and modifying old gaming systems

The Problem


Secrets should be automatically injected into apps, without human intervention

Secrets and code should be kept separate until runtime

Secrets management is hard

(A) Solution


Azure Key Vault

Kubernetes Secrets Store CSI Driver

Kubernetes

Kubernetes Secrets Store CSI Driver

Integrates secrets stores with Kubernetes via a Container Storage Interface (CSI) volume

Allows Kubernetes to collect secrets, keys, and certs from enterprise-grade external secrets stores and mount them as pod volumes
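A minimal pair of manifests, added here as an illustration and not taken from the talk's demo repository, showing how the driver connects Azure Key Vault to a pod: a SecretProviderClass naming the vault and the CA certificate to fetch, and a pod that mounts it read-only. The vault name, tenant, managed identity, certificate name and image are placeholders.

```yaml
# Added example (not the talk's demo files). Placeholder values are in <...>.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: internal-ca-from-keyvault
spec:
  provider: azure
  parameters:
    # Authenticate with a user-assigned managed identity rather than a
    # client secret, so no Key Vault credential has to live in a Kubernetes Secret.
    useVMManagedIdentity: "true"
    userAssignedIdentityID: "<identity-client-id>"
    keyvaultName: "<vault-name>"
    tenantId: "<tenant-id>"
    objects: |
      array:
        - |
          objectName: internal-ca
          # objectType "cert" returns only the public certificate; requesting the
          # same object as "secret" would also hand the pod the private key.
          objectType: cert
          objectFormat: pem
          objectAlias: internal-ca.pem
---
apiVersion: v1
kind: Pod
metadata:
  name: internal-client
spec:
  containers:
    - name: app
      image: <app-image>
      volumeMounts:
        - name: internal-ca
          mountPath: /etc/ssl/internal
          readOnly: true
      env:
        # OpenSSL-based clients such as curl read the trust bundle from this path.
        - name: SSL_CERT_FILE
          value: /etc/ssl/internal/internal-ca.pem
  volumes:
    - name: internal-ca
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: internal-ca-from-keyvault
```

The file appears in the pod only while the driver can reach the vault, so a vault access-policy change surfaces as a pod that fails to start rather than as a stale certificate baked into an image.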

Demo


Scenario

Company with internal resources

Internal Certificate Authority (CA)

Apps need to access internal sites securely over HTTPS

Demo components

Kubernetes (Minikube)

Azure CLI

Helm chart

Please hold for demo...


More Information

Secrets Store CSI Driver

secrets-store-csi-driver.sigs.k8s.io


Demo repository and files

github.com/eugeneromero/kubernetes-tls-azurekeyvault


Detailed post and walkthrough

damn.engineer/2022/02/07/tls-cert-azure-keyvault-kubernetes

Get in touch!

@theEugeneRomero

https://damn.engineer/