Securing your app's communications with Kubernetes, Azure Key Vault, and TLS certificates

@theEugeneRomero

Get the slides: https://damn.engineer/slides

WHO AM I?

Senior Cloud and DevOps Engineer @ Capgemini Norway

15+ years in infrastructure and software development

Linux nerd

Restoring and modifying old gaming systems

The Problem

Secrets should be automatically injected into apps, without human intervention

Secrets and code should be kept separate until runtime

Secrets management is hard

(A) Solution

Azure Key Vault

Kubernetes Secrets Store CSI Driver

Kubernetes

Kubernetes Secrets Store CSI Driver

Integrates secrets stores with Kubernetes via a Container Storage Interface (CSI) volume

Allows Kubernetes to mount secrets, keys, and certs stored in enterprise-grade external secrets stores into pods as volumes

Demo

Scenario

Company with internal resources

Internal certificate authority (CA)

Apps need to exchange data with internal sites that require HTTPS, so they must trust certificates issued by the internal CA

Components

Azure Key Vault

Helm

Kubernetes (Minikube)

Please hold for demo...
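To make the demo's components concrete, here is an added example of the two manifests that wire them together: a SecretProviderClass that tells the Secrets Store CSI Driver's Azure provider which Key Vault object to fetch, and a Pod that mounts it and points its HTTPS client at the mounted CA certificate. This is not code from the talk or its demo repository. The vault name (contoso-kv), certificate object name (internal-root-ca), tenant id, container image, URL and the name of the credentials Secret (secrets-store-creds) are all assumptions. It authenticates with a service principal via nodePublishSecretRef, which is the simplest option on Minikube, where no Azure managed identity is available:

```yaml
# Added example, not from the demo repository. Assumed names: vault "contoso-kv",
# Key Vault certificate "internal-root-ca", Secret "secrets-store-creds",
# placeholder tenant id, and a curl image for the client container.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: internal-ca-from-keyvault
spec:
  provider: azure
  parameters:
    usePodIdentity: "false"          # no AAD pod identity on Minikube
    useVMManagedIdentity: "false"    # no managed identity either; use the SP in nodePublishSecretRef
    keyvaultName: "contoso-kv"       # assumed vault name
    tenantId: "00000000-0000-0000-0000-000000000000"   # placeholder, replace with your tenant
    objects: |
      array:
        - |
          objectName: internal-root-ca        # assumed certificate name in Key Vault
          objectType: cert                    # public certificate only (PEM); the private key never leaves the vault
          objectAlias: internal-root-ca.pem   # file name the driver writes inside the mount
---
apiVersion: v1
kind: Pod
metadata:
  name: internal-client
spec:
  containers:
    - name: app
      image: curlimages/curl:latest          # assumed client image
      # Trust only the internal CA for this call; the URL is an assumption.
      command:
        - sh
        - -c
        - >-
          curl --cacert /mnt/secrets/internal-root-ca.pem
          https://intranet.example.internal/ && sleep 3600
      env:
        - name: SSL_CERT_FILE                # honoured by OpenSSL-based clients such as curl
          value: /mnt/secrets/internal-root-ca.pem
      volumeMounts:
        - name: keyvault-certs
          mountPath: /mnt/secrets
          readOnly: true
  volumes:
    - name: keyvault-certs
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: internal-ca-from-keyvault
        nodePublishSecretRef:
          secretName: secrets-store-creds    # Kubernetes Secret holding keys "clientid" and "clientsecret"
```

The credentials Secret is created out of band (for example `kubectl create secret generic secrets-store-creds --from-literal clientid=... --from-literal clientsecret=...`) and must carry the label `secrets-store.csi.k8s.io/used=true` so the driver is allowed to read it. Two points worth checking when adapting this: `objectType: cert` deliberately pulls only the public half of the Key Vault certificate, which is all a client needs to trust an internal CA, whereas `objectType: secret` would also hand the pod the private key; and the driver fetches the object when the pod starts, so a rotated CA certificate is only picked up on restart unless the driver's secret rotation feature is enabled. Clients that do not consult `SSL_CERT_FILE` (a JVM, for instance) need the PEM added to their own trust store instead.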

More Information

Secrets Store CSI Driver

https://secrets-store-csi-driver.sigs.k8s.io

Demo repository and files

https://github.com/eugeneromero/kubernetes-tls-azurekeyvault

Detailed post and walkthrough

https://damn.engineer/2022/02/07/tls-cert-azure-keyvault-kubernetes

Get in touch!

@theEugeneRomero

https://damn.engineer/

(And apply to be my colleague @ capgemini.com)