How to Use AKS Pod Identity with Vault
Feb 27, 2020
Learn one method for providing Kubernetes pods authenticated access to secrets stored in HashiCorp Vault. This is a method that uses Azure Kubernetes Service (AKS).
When running a Kubernetes cluster, you may want to secure secrets outside the cluster. But how do you provide pods authenticated access to secrets stored in something like HashiCorp Vault?
Using AKS Pod Identity
One possible solution comes from the Azure Kubernetes Service, which has the ability to use Azure Active Directory to authenticate running pods.
What You'll Learn
In this talk, you will see how Vault can use Azure Active Directory authentication to allow pods running on AKS to access secrets stored in Vault. First, Ned Bellavance will walk through the setup of AKS with Pod Identity. Then he will deploy a Vault cluster and enable Azure authentication. Finally, he will deploy an application on the AKS cluster and retrieve a secret from the Vault cluster. By the end of the talk, you'll be ready to go out and implement this solution in your environment.
See a demo showing how Vault can use Azure Active Directory authentication to allow pods running on AKS to access secrets stored in Vault.
You can find the example used in this talk in this GitHub repo