Видео

I think you're talking about two different things. HashiCorp Vault can integrate with external storage providers through its storage backends. These backends are used to persist the data that Vault manages, such as secrets and policies. Here are a few examples of external storage backends that Vault supports:Amazon S3: Vault can use Amazon S3 as a storage backend. You need to configure the S3 bucket and provide necessary credentials.Google Cloud Storage: Similar to S3, Google Cloud Storage can also be used as a storage backend for Vault.Azure Blob Storage: Vault supports Azure Blob Storage as well.Consul: While not strictly an "external" storage provider, Consul is commonly used with Vault for storage and high availability.DynamoDB: Vault can use AWS DynamoDB for storage, which helps in achieving high availability and reliability. In comparison to External Secrets Operator (ESO), which allows you to dynamically fetch secrets from various external secret management services into Kubernetes, Vault's external storage backends are primarily for persisting Vault's own data securely. However, Vault can also serve as a secret management service itself, and its secrets can be accessed by Kubernetes using integrations like the Vault Kubernetes Auth method and the Vault Agent Injector. Vault has a Vault Secrets Operator VSO similar to ESO. developer.hashicorp.com/vault/tutorials/kubernetes/vault-secrets-operator

I think you're talking about two different things. HashiCorp Vault can integrate with external storage providers through its storage backends. These backends are used to persist the data that Vault manages, such as secrets and policies. Here are a few examples of external storage backends that Vault supports:Amazon S3: Vault can use Amazon S3 as a storage backend. You need to configure the S3 bucket and provide necessary credentials. Google Cloud Storage: Similar to S3, Google Cloud Storage can also be used as a storage backend for Vault.Azure Blob Storage: Vault supports Azure Blob Storage as well.Consul: While not strictly an "external" storage provider, Consul is commonly used with Vault for storage and high availability.DynamoDB: Vault can use AWS DynamoDB for storage, which helps in achieving high availability and reliability. In comparison to External Secrets Operator (ESO), which allows you to dynamically fetch secrets from various external secret management services into Kubernetes, Vault's external storage backends are primarily for persisting Vault's own data securely. However, Vault can also serve as a secret management service itself, and its secrets can be accessed by Kubernetes using integrations like the Vault Kubernetes Auth method and the Vault Agent Injector. Vault has a Vault Secrets Operator VS0 similar to ESO. developer. hashicorp.com/vault/tutorials /kubernetes/vault-secrets-operator

What do you need help with?

Check out the backstage playlist for more videos showing what you’re asking

Great to hear! Thank you!

Yes for sure. I just need to find some time to get started

Thank you for the feedback and for the suggestion about the cloudflare provider

You have to use a utility that rotates the logs such as logrotate. You need to be careful because if you run out of disk space, Vault will stop working by design. I talk about all that in depth and give you the config in my Vault 202 course if you’re interested.

Thank you for letting me know

Glad to hear. Thank you for the feedback!

Not really, iirc it was the latest at the time.

In this video I actually don't deploy the node.js app. I recommend you watch this video which is part 2 of a two-part series where I show you how to deploy. ruclips.net/video/D_3q4HeAxp8/видео.html

I've seen that before and my issue was that there were no available IP addresses in the DHCP pool for the DHCP server to deliver. Not sure if that's the case with you

@@TeKanAid I am getting the same error creating a linux VM where DHCP is not enabled.

I recommend you watch this video and also part 2 of it. ruclips.net/video/iDOkgvz27iM/видео.html

Yes, absolutely! Some are shown on their website but many aren't.

Thank you! I wasn’t aware of Kratix till you mentioned it. Looks interesting. I’m thinking about doing one for Mia Platform. Thanks for sharing your interests.

Glad to hear it helped and you’re welcome!

You’re welcome!

That's awesome to hear! For someone transitioning from network engineering to DevOps, I'd suggest starting with these steps: First, get comfortable with a programming language like Python or Go. It's essential for scripting and automation tasks. Next, dive into version control systems, especially Git. Then, start learning about infrastructure as code (IaC) tools like Terraform and configuration management tools like Ansible. These will help you automate and manage infrastructure efficiently. Also, familiarize yourself with containerization technologies like Docker and orchestration tools like Kubernetes. Understanding CI/CD pipelines is crucial too, so tools like Jenkins or GitHub Actions are good to learn. Finally, consider getting hands-on experience with cloud platforms such as AWS, Azure, or Google Cloud, as cloud infrastructure knowledge is a big part of DevOps. I would suggest AWS since it has the largest market share. In all of your learning journey make sure to enrich your GitHub account with repos showing some hands-on projects you develop. This will become part of your resume. Of course I have some material on my RUclips channel and my blog posts along with courses I offer. You can check tekanaid.com/courses.

Thank you!

Wonderful, glad to hear

Hard to tell, try the suggestions from chatGPT below. The error you're encountering, `ServerFaultCode: Unexpected element tag "efiSecureBootEnabled"`, indicates that the element `efiSecureBootEnabled` is not recognized by the VMware vSphere server you're working with. This might be due to compatibility issues with the version of vSphere you're using or an incorrect configuration in your Packer template. Here's how you can troubleshoot and resolve this issue: 1. **Verify vSphere Compatibility**: Make sure that your version of vSphere supports the `efiSecureBootEnabled` element. If you are using an older version of vSphere, it might not recognize this element. 2. **Check Packer Template Configuration**: Ensure that your Packer template is configured correctly for the type of firmware you are using (BIOS or EFI). Here’s an example template for creating a Ubuntu image with BIOS firmware: ```json { "builders": [{ "type": "vsphere-iso", "vcenter_server": "your-vcenter-server", "username": "your-username", "password": "your-password", "insecure_connection": "true", "datacenter": "your-datacenter", "vm_folder": "your-vm-folder", "cluster": "your-cluster", "host": "your-host", "datastore": "your-datastore", "network": "your-network", "vm_name": "ubuntu-vm", "guest_os_type": "ubuntu64Guest", "firmware": "bios", // Change this to efi if you are using EFI "iso_paths": [ "[datastore1] path/to/your/ubuntu.iso" ], "ssh_username": "your-ssh-username", "ssh_password": "your-ssh-password", "ssh_wait_timeout": "30m", "shutdown_command": "echo 'your-ssh-password' | sudo -S shutdown -P now" }] } ``` 3. **Remove or Comment out `efiSecureBootEnabled`**: If you don't need secure boot, you can remove or comment out the `efiSecureBootEnabled` configuration in your Packer template. 4. **Update Packer Version**: Ensure you are using the latest version of Packer. Sometimes, bugs and issues are resolved in newer releases

Thank you, I’m using Terraform modules for AWS like the EKS one and Backstage is just calling a GitHub action to build everything. You can find more info in the blog post: tekanaid.com/posts/backstage-software-templates

It’s definitely possible to do both at the same time, however, I’d test it on a dev vault cluster to make sure everything works well before attempting it in production.

Thank you. Let's make sure we stop using static long-lived credentials!

I should have it in the repo under grafana provisioning data sources. iirc

Thanks, Shabbir!

I think I missed that part but I created a two-part series that go into this in more detail. The second part deploys a go API on kubernetes with Argo CD all with backstage as the portal. Here are the two videos. ruclips.net/video/iDOkgvz27iM/видео.html ruclips.net/video/D_3q4HeAxp8/видео.htmlsi=VGdkeMgG1S5h-_Z7

That’s an excellent question. I don’t see why we can’t use ArgoCD to sync Vault using Vault’s helm chart as long as Vault is running in K8s. The question is what to do with the Vault configuration. Most people use the Terraform provider for vault. I suppose we could look into crossplane so it’s K8s native. I haven’t looked to see if there is a Vault provider in Crossplane. I also believe crossplane can use Terraform providers so that’s another thing to look at. Finally, HashiCorp had a project where you can configure Terraform from within K8s, I can’t remember what that was, but also worth exploring.

@@TeKanAid Crossplane does seem to have Vault support, but it seems it may not be 'quite there' yet. Thanks for pointing me into that direction anyway, I can see some usage out of it still :)

@@pixeldrama-yt good to hear. Yeah, I really like crossplane

George, Amazing feedback! Thank you so much for taking the time to write this. I’ve been torn between showing my face during code demo and not. It’s actually easier not to. Also thanks for your thoughts on breaking up the content to simplify things!

Thanks, part 2 is already published and part 3 is released this Wednesday. It’s a fantastic product, love Port!

Thank you so much!

LOL thanks! We gotta have some fun with this!

You're welcome!

Yeah it's supposed to keep running. You might just see it in the dashboard Say idle

All my vault courses work with the open source self hosted some have sections about the enterprise, but you can skip over those if you’re not interested

Please suggest what are the course price

@@TeKanAidplease suggest the duration and price

@@Kk-rl7nv you can find all the details at tekanaid.com/courses. I have three vault courses. You can buy the courses individually or you can subscribe to a plan that gives you access to all my courses, not just the vault ones. You can access the subscriptions at tekanaid.com/pricing

You’re welcome!

You’re welcome, Samet!

I asked that question to the port team and they referred me to this link you can take a look www.getport.io/security#can-i-deploy-port-on-premise The only self hosted developer portal that I know is backstage. I have a few videos on that, but it really has a steep learning curve, and a lot of coding is necessary.

@@TeKanAid Thanks! Your efforts are much appreciated.

Thanks, Amr!

not sure what you mean, so you don't want to run terraform init to download the providers? Are you running in an air-gapped environment? If so, check out this article: medium.com/@andris_dev/deploy-your-components-with-terraform-and-gitlab-ci-in-air-gapped-environments-terraform-ce-1c05004a6d2

So nice of you, Rajesh! Thank you for your kind words.

I've updated the image to FROM jenkins/jenkins:2.456 which is the latest at this time.

You can fork the repo and update the dockerfile.

I see what you mean, the Docker image being based on a newer Debian version that restricts pip from installing packages globally to prevent conflicts with the system-managed packages. This is a feature designed to safeguard the integrity of the system's Python environment. I made the update to the Dockerfile and works well now.

That's great, thanks for sharing! Yeah definitely it will open new doors for you. All the best!

@@TeKanAid thanks for the answer, it means a lot to me to get an expert aproval