Secret Store CSI Driver Tutorial | Kubernetes Secrets | AWS Secrets Manager | KodeKloud

Dive deep into the world of Kubernetes security with our comprehensive guide to Secret Store CSI Driver. Discover why this tool is essential for safeguarding sensitive information, learn how it compares to alternatives like ESO and Sealed Secrets, and master the process of setting it up for your Kubernetes cluster. With insightful demos showcasing the creation of secrets in AWS Secret Manager and the seamless integration of Secret Store CSI Driver, this video is your ultimate resource for enhancing security in your DevOps environment. Join us on this journey to strengthen your Kubernetes security posture and protect your valuable data.

⬇️Below are the topics we are going to discuss in this video:
00:00 - Introduction
00:48 - Why do we need Secret Store CSI Driver?
03:03 - What is Secret Store CSI Driver?
04:01 - Secret Store CSI Driver vs ESO vs Sealed Secrets
05:25 - How does Secret Store CSI Driver work?
08:14 - Demo - Creating Secret in AWS Secret Manager
09:30 - Demo - Setting up Secret Store CSI Driver for Kubernetes Cluster
30:56 - Conclusion

Comments

Looked at many videos to understand AWS Secrets, CSI drivers and Storage Class. This is the best tutorial on this topic I have found to date.

ChiruMegs

What a great demo and some troubleshooting.
My fav is HashiCorp Vault!

nforlife

Excellent Excellent excellent....thanks a lot

omega

me screaming from 27:57 to 28:18 "ctrl+f rotat" 😀😀
j/k .. nice tutorial, thanks!

algomithr

Thank you so much for making this, it's been really helpful. Also, to add for anyone wondering: if you're creating your application in a separate namespace, make sure you create the service account in that particular namespace too, and not in the default namespace.

rishisharath
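As an added example (not from the video or this thread), the point above in manifest form: the ServiceAccount, the SecretProviderClass and the Pod all live in one non-default namespace, and the optional secretObjects block mirrors the mounted file into a Kubernetes Secret so it can also be consumed as an env var, which several later comments ask about. The names, the namespace, the IAM role ARN, the Secrets Manager secret name and the image are placeholders, and the sync requires the driver to be installed with secret syncing enabled (the syncSecret.enabled Helm value).

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: app-sa            # placeholder; must live in the pod's namespace, not "default"
  namespace: app-dev
  annotations: {eks.amazonaws.com/role-arn: "arn:aws:iam::111122223333:role/ROLE-PLACEHOLDER"}
---
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata: {name: app-db-secrets, namespace: app-dev}   # namespaced: keep it with the pod
spec:
  provider: aws
  parameters:
    objects: |
      - objectName: "app/dev/db-password"   # placeholder Secrets Manager secret name
        objectType: "secretsmanager"
        objectAlias: "db-password"          # file name under the mount path
  # Optional sync of the mounted file into a Kubernetes Secret (driver must have syncing enabled)
  secretObjects:
    - secretName: app-db-secret
      type: Opaque
      data:
        - objectName: "db-password"   # matches the objectAlias above
          key: DB_PASSWORD
---
apiVersion: v1
kind: Pod
metadata: {name: app, namespace: app-dev}
spec:
  serviceAccountName: app-sa      # same namespace as this pod
  containers:
    - name: app
      image: nginx:stable         # placeholder image
      env:
        - name: DB_PASSWORD       # read from the synced Secret, which is created at mount time
          valueFrom:
            secretKeyRef:
              name: app-db-secret
              key: DB_PASSWORD
      volumeMounts:
        - name: secrets
          mountPath: /mnt/secrets   # file appears as /mnt/secrets/db-password
  volumes:
    - name: secrets
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: app-db-secrets
```

The synced Secret exists only while a pod mounts the volume, and anyone who can read Secrets in the namespace can read it, so the sync trades the file-only model for convenience.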

That was one fantastic demo, many thanks.

HadiAl-Atally

Very well done. So far I used ASM, so that's my fav.

mynenisr

Wow! No need to restart the pod to get the updated secret!

alexferreira

This video is high quality stuff, thanks a lot, great!

vladimirsiman

Hello, thank you for your great video! I would like to know if it’s possible to use a CSI storage driver in my EKS cluster without configuring the OIDC provider for the cluster. Specifically, I want to rely solely on the IAM roles of the worker nodes and add the necessary permissions to retrieve secrets from Secrets Manager through those roles. I understand that this may not be the most secure option, as all pods on the worker nodes would inherit the permissions of the worker nodes.

darkjo

I have a question from an application developer perspective. So instead of getting secret values as env variables from Helm charts, we get them in a file mounted at a specific location inside a pod. So can we use that file to extract secrets to use in our application code? (Java using the Spring Boot framework)

yashgoyal

Great information. Looks like with this implementation it won't be possible to use the secrets as env variables; instead I will need to tell my app to fetch the secrets from a file, and monitor when the secret's value changes, correct?

fabrizzio_aranda

@kodeKloud, I'm wondering, how is it safe when the password is saved in plain text inside the pod? Anyone with read access who can read the k8s secret can also read the pod's volume. Correct me if I'm wrong.

subithalsubbaiah

Is there any way to configure a webhook so that whenever something changes in Secrets Manager it notifies the CSI driver?

sonubhagat

I have done it as is and it worked 🎉, but I have tried with multiple node groups in the same cluster, like node-dev and node-qa, with different Secrets Manager secrets, and I am not able to access them in one node group: in the node-dev group the instances are running, but in the node-qa group the instances are not running, with the same configuration (I have cross-checked twice).
Checking the secret store log, the secrets are not mounted; it's not able to retrieve the secret from Secrets Manager, with an error like "Failed to fetch secret from all regions".

manuvu

Hi, your video looks great.
Can you please explain how I can use the value in the pod env section?

Thank you

Tester-fj

Is there any way to inject the secret value as an env variable inside the pod without creating Kubernetes Secrets?

pradippipaliya

This is a great demo. I have a question: is there any way to create a ConfigMap instead of a Secret?

rajenderprasad

@kodeKloud, how can we use secrets from Secrets Manager in our on-premise Kubernetes cluster, which is set up using kubeadm? We want to use Secret Store CSI Driver to inject secrets into pods from Secrets Manager. I have searched a lot but am not finding anything; please help.

pradippipaliya

Sealed Secrets is my favorite since the secret is never stored in plain text on a file system.

tonyc