@theEugeneRomero
Get the slides: https://damn.engineer/slides
Senior Cloud and DevOps Engineer @ Capgemini
15+ years in infrastructure and software development
Restoring and modifying old gaming systems
Secrets should be automatically injected into apps, without human intervention
Secrets and code should be kept separate until runtime
Secrets management is hard
Azure Key Vault
Kubernetes Secrets Store CSI Driver
Kubernetes
Integrates secrets stores with Kubernetes via a Container Storage Interface (CSI) volume
Allows Kubernetes to mount secrets, keys, and certs stored in enterprise-grade external secrets stores into pods as volumes
Internal Certificate Authority (CA)
Apps need to access internal sites securely over HTTPS
Company with internal resources
Helm chart
Azure CLI
Kubernetes (Minikube)
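Added example, not taken from the slides or the demo repository: a SecretProviderClass for the Azure provider plus a pod that mounts an internal CA certificate from Key Vault as a read-only CSI volume. The vault name, tenant ID, object name, image and the `secrets-store-creds` Secret (service principal credentials) are placeholders and assumptions.

```yaml
# Added example; every name and ID below is a placeholder or assumption.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: internal-ca                      # hypothetical name
spec:
  provider: azure
  parameters:
    usePodIdentity: "false"
    keyvaultName: "<key-vault-name>"     # placeholder
    tenantId: "<tenant-id>"              # placeholder
    objects: |
      array:
        - |
          objectName: internal-ca-cert   # hypothetical certificate name in Key Vault
          objectType: cert               # fetch the public certificate only, not the private key
---
apiVersion: v1
kind: Pod
metadata:
  name: app-with-internal-ca             # hypothetical name
spec:
  containers:
    - name: app
      image: "<app-image>"               # placeholder
      volumeMounts:
        - name: internal-ca
          mountPath: /mnt/secrets-store  # certificate appears here as a file at runtime
          readOnly: true
  volumes:
    - name: internal-ca
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: internal-ca
        nodePublishSecretRef:
          name: secrets-store-creds      # assumed Secret with service principal clientid/clientsecret
```

The certificate never enters the image or the manifest; the driver fetches it when the pod starts and the file exists only in the mounted volume.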
Secrets Store CSI Driver
secrets-store-csi-driver.sigs.k8s.io
Demo repository and files
github.com/eugeneromero/kubernetes-tls-azurekeyvault
Detailed post and walkthrough
damn.engineer/2022/02/07/tls-cert-azure-keyvault-kubernetes
(And take a sticker!)
@theEugeneRomero
https://damn.engineer/