Self signed Kubernetes SSL certificate // easy guide

In this video I will explain how to use local self-signed certificates for your bare-metal Kubernetes Clusters in your Home Lab. We'll use Cert-Manager and OpenSSL to create a Certificate Authority that is trusted in your local network. And then create a valid certificate for a demo project. #Kubernetes #Certmanager #SSL

Timestamps:

00:00 - Introduction
00:47 - Advertisement-*
01:27 - How HTTPS works in local networks
02:29 - What is Cert-Manager
04:00 - Create a Certificate Authority
05:34 - Create a ClusterIssuer
09:30 - Create a valid Certificate
11:41 - Recap and Outcome

________________
All links with "*" are affiliate links.
Comments

The only certificate, that is self signed, is the certificate of the CA (as with every Root CA). So the rest of the certificates like the one for your nginx is a signed certificate - it’s signed by a non public CA but it is not self signed.
But despite this detail your explanation is very useful for getting a better view on certificates in common and on Kubernetes in particular.

digitus

Hey Christian, hopefully you have enjoyed your holidays!
Thanks for this video and good explanation! In my opinion all of your tutorials are really valuable. Keep on going this good work and as we can see, your community is growing and growing... :-)

TheArtemus

To everyone who wondered which tool was used to draw the ascii diagram @11:47 …
Not exactly sure which particular one did Christian use (would be nice to know), but such diagrams can be created with tools like ‘asciiflow’ and ‘asciio’

DmitryTsarev

Sounds like a bit complicated, but your delivery is quite clear, and I would give it a try on my home lab! Thanks!

vitusyu

Thank you very much for sharing this information, Christian.

luciano

You can use kubectl create secret with --from-file flags to upload the contents. I haven’t tried it from Windows though

guyfeldman

ok looking forward to learn about self signed certificate on local network without need to be connected to internet.

ethangender

Followed and subscribed. Thanks for your guidance.

Lamnt

This video is super clear. Could you please tell us which software do you use to show the Architecture Diagram (from Powershell)?

MatiasFranci

LabCA is also an interesting one, it's actually a community build of Boulder, the same ACME CA backend used by Let's Encrypt

alex.prodigy

Hi, thanks for the amazing contents! Could you also share the name of the tool that you use for drawing the diagram in markdown?

kevinyu

Hi, your tutorials helped me a lot. Can you do a tutorial about hosting gristlabs/grist with portainer, please?

dr.wordpress

you can use stringData instead of data in your secret manifest and paste multiline pem certs instead of base64 string

dmsi

What an awesome guide and very clear on the steps, thanks for your time. I followed the steps but I end up with this error message "message: 'Error getting keypair for CA issuer: certificate is not a CA'" when creating the cluster issuer which isn't the case in your video. What am I missing? Thanks again for the time invested

paparoup
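
Added example, not part of the video or of any comment here: cert-manager reports "certificate is not a CA" when the certificate in the CA issuer's secret does not carry the `CA:TRUE` basic constraint, so this sketch checks for it (and for a matching key) before rendering the Secret with `stringData`, as other comments suggest. The subjects, file names, secret name and the `cert-manager` namespace are assumptions.

```shell
#!/bin/sh
# Added example: subjects, file names, secret name and namespace are constructed.

# make_cert DIR NAME TRUE|FALSE: self-signed cert with basicConstraints CA:<flag>
make_cert() {
    cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = Homelab Example $2
[ext]
basicConstraints = critical,CA:$3
EOF
    openssl req -x509 -new -nodes -newkey rsa:2048 -sha256 -days 365 \
        -config "$1/$2.cnf" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# is_ca CERT: succeeds only if the certificate asserts CA:TRUE
is_ca() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'Basic Constraints' | grep -q 'CA:TRUE'
}

# key_matches CERT KEY: succeeds only if KEY is the private key for CERT
key_matches() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# render_secret CERT KEY NAME: print a TLS Secret with raw PEM under stringData
render_secret() {
    is_ca "$1" || { echo "refusing: $1 is not a CA certificate" >&2; return 1; }
    key_matches "$1" "$2" || { echo "refusing: $2 does not match $1" >&2; return 1; }
    printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n' "$3"
    printf '  namespace: cert-manager\ntype: kubernetes.io/tls\nstringData:\n'
    printf '  tls.crt: |\n'; sed 's/^/    /' "$1"
    printf '  tls.key: |\n'; sed 's/^/    /' "$2"
}

# Demo on throwaway certificates: only the first one would be accepted as a CA
demo=$(mktemp -d)
make_cert "$demo" ca TRUE && make_cert "$demo" leaf FALSE
for c in ca leaf; do
    if is_ca "$demo/$c.crt"; then echo "$c.crt: CA"; else echo "$c.crt: not a CA"; fi
done
rm -rf "$demo"
```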

This works but there is also the option of having certmanager automate creating the self signed certificate and secret.

dillanteagle

Great guide. I've followed it but made some changes. I created an intermediate certificate signed by my Active Directory root CA and uploaded the chain to cert-manager. It's working great. I wanted to change the certificate of Rancher and Portainer, but Helm installation automatically creates an Issuer for the namespace, so I don't know exactly how should I change them.

andibiront

diagram at 12:00, did you use some tool, or made it manually?
about base64 and secrets, just use stringData instead of data and put them straight into the secret, no need to encode them

squalazzo

Hi Christian, I have a weird question) How did you do the scheme at timeline 11:46?

Resulok

This video gives a super clear explanation about issuer and certificate.
Is it right to say that the benefit over a Let’s Encrypt certificate is to be more independent as we do not expose it to internet?

MrToup

Thank you for the video.
I am trying to secure a mosquitto broker using k8s cluster and exposed with a loadbalancer, can this implementation be used to secure the mqtt connection?

hussamhyari