Kubernautes II
Kubernautes II Meetup Vienna
18.10.2019 1
Agenda
• About ME2D
• What’s AKS
• Accelerate containerized application development
• History of Hashicorp
• Hashicorp Vault
• Hashicorp Vault architecture
• Hashicorp Vault Seal
• Hashicorp Vault Setup
• Policy-Authorization Workflow
• How we use Vault and Consul
About ME2Digital
• Aleksandar Lazic since ~20 years in IT
• Since 2003 active in haproxy community
• Since 2006 active in nginx community => nginxpert
• Since ??? in curl active community
• Since 2015 in openshift community
• Stay always curious
• I like what I do and I do it with passion ;-)
• I founded ME2Digital in 2017
What’s Azure AKS
• Azure Kubernetes Service
• Launched Oct. 24th 2017
• Precursor was ACS (Azure container service)
• More or less Vanilla Kubernetes
  ● HA Masters
  ● Nodes are Azure VM Machines
  ● “harden OS”
• Registry own Product ACR (Azure container registry)
• AKS SLA 99,5% “strive to attain”
History of Hashicorp
• Hashicorp founded 2012 by Mitchell Hashimoto and Armon Dadgar
• Some Products
  ● Vagrant => Virtualization tool
  ● Packer => Image creation tool
  ● Terraform => Provisioning tool
  ● Consul => DNS and Key Value Server
  ● Vault => Secrets Management Server
Hashicorp Vault
• First release Apr. 28th 2015
  ● https://www.hashicorp.com/blog/vault-announcement/
• Features
  ● Secrets Management (dynamic and static)
  ● Automatic TTL handling
  ● ACL’s and Auditing
  ● Multiple authentication methods
  ● Different versions available: OSS and Enterprise
  ● API Driven
Hashicorp Vault Seal
https://www.vaultproject.io/docs/concepts/seal.html
• Sealed by default
  ● When a Vault server is started, it starts in a sealed state. In this state, Vault is configured to know where and how to access the physical storage, but doesn't know how to decrypt any of it.
  ● Shamir's secret sharing algorithm
  ● https://en.wikipedia.org/wiki/Shamir's_Secret_Sharing
  ● First step is always to unseal the encrypted store
  ● Manual unseal
  ● https://www.vaultproject.io/docs/commands/operator/unseal.html
  ● Auto unseal
  ● https://www.vaultproject.io/docs/configuration/seal/azurekeyvault.html
Hashicorp Vault Setup
• Configuration via HCL (HashiCorp configuration language)
• Secrets engines https://www.vaultproject.io/docs/secrets/index.html
  ● Key / Value
  ● PKI
• Different Backends
  ● For example Consul which is a HA one
  ● Overview of backends https://www.vaultproject.io/docs/configuration/storage/index.html
• Setup Policies https://www.vaultproject.io/docs/concepts/policies.html
Policy-Authorization Workflow
How we use Vault and Consul
• Save users password in vault
• Restrict access for applications
• Get database access from vault
• In combination with consul-template get app server access token
• Create HAProxy configuration from consul services
Contact Information
• LinkedIn: https://www.linkedin.com/in/me2digital/
• SlideShare: https://www.slideshare.net/AleksandarLazic4
• Docker Hub: https://hub.docker.com/u/me2digital/
• GitHub: https://github.com/git001
• Twitter: @ME2Digital
• HP: www.me2digital.com
• E-Mail: office@me2digital.com
• Slack: aleks-me2digital