Free SSL Certs in Kubernetes! Cert Manager Tutorial
- Added on 7. 06. 2024
- In this video, I show you how to manage your SSL certs in Kubernetes with Cert-Manager. We will create free SSL certificates with Let's Encrypt and use them in Traefik Ingress Controller. #Kubernetes #Certmanager #Letsencrypt
Kubernetes Playlist: • Kubernetes explained s...
Cert-Manager: cert-manager.io
Boilerplates: github.com/christianlempa/boi...
CIVO-*: civo.com/thedigitallife
Follow me:
TWITTER: / christianlempa
INSTAGRAM: / christianlempa
DISCORD: / discord
GITHUB: github.com/christianlempa
PATREON: / christianlempa
MY EQUIPMENT: kit.co/christianlempa
Timestamps:
00:00 - Introduction
00:38 - Why use Cert-Manager?
02:42 - The Demo Setup
03:04 - Advertisement-*
03:26 - Create a new Kubernetes Cluster
04:29 - Install Cert-Manager
06:06 - Create a ClusterIssuer
10:43 - Create a Certificate
12:50 - Troubleshooting
14:02 - Use our Cert in Traefik Ingress
________________
All links with "*" are affiliate links.
This video is stunning, as are all of your videos. You are actually explaining complicated concepts in simple terms, delivering knowledge to your viewers. Much appreciated!
Thank you so much :)
OMG I can't thank you enough for this video. I have watched it 100 times. Clutch.
Thank you very much. I'm learning Kubernetes, and I'm more and more motivated to learn it because it makes things much easier for me than Docker and Portainer. Besides, it feels faster to me in every respect.
Nice work man. I appreciate it as I have been overthinking TLS for a while now and your video helped to simplify it for me.
Thank you! 😀
Great video! I just set up cert-manager + Traefik a few days before and was able to verify my steps in my scripts. So thanks for the "missing piece"!
You're welcome! :)
Thanks so much, this really helped me understand cert-manager - especially the DNS01 challenge bit.
Thanks for the videos. I've learnt a lot from you. Keep uploading videos like this.
Thanks! Of course I will 😀
Your videos are superb, I learned so much
Very useful! I've tinkered around with this quite a bit and honestly the http challenge stuff is quite a pain.
I really enjoyed the tutorial and thanks a lot, it answers many questions.
Thank you! Great it helped you ;)
@christianlempa Can you please tell me which terminal you use and how you shortcut the kubectl commands, like switching kubectl to a specific namespace?
@christianlempa Also, can you please provide any configuration needed when enabling the proxy on the DNS record in Cloudflare, because it is mandatory to use the proxy setting for the DNS record?
Hi Christian,
Trying to follow your tutorial, but what exactly is "example-issuer-account-key"?
you saved my day!
Great tutorial, really nice educational content. I have a question:
I've noticed that you've disabled 'proxy' at 12:30; what if you want to keep it (i.e. keeping a secure connection between *both* the user and CF, and CF and the cluster)?
How would you do that?
Thanks for the video! 🤩
You can of course enable it, I disabled it to show how the cert-manager certificate is working.
Do you have to use a DNS zone? For example, I just want to use the DNS that AWS or Azure gives me.
When we use this for multiple applications, do I need to create a separate namespace for each certificate?
Would it be possible to create a certificate to be used only for a local service ("home lab") but using Cloudflare to answer the DNS01 challenge?
Hi, do I have to open port 80 in a public rule to get the CertificateRequest into the "true" state?
I have used cert-manager + ingress for a long time, but it's the first time that I understand how to troubleshoot it
Cool! I'm glad it was still useful 😀
If you want to know what cert-manager is doing you can check the logs of the cert-manager pods with "kubectl logs", I use that to troubleshoot as well (I made a video on how to do this but with DuckDNS, but it is in Spanish only, for now). I really like the quality of this video and the way it is explained.
@javi_labs3769 Thank you Javi, I'll take a look
Thank you
Awesome
Thx
Awesome video, very informative thank you.
I screwed up when I was trying to set up Argo on my cluster, I deleted and applied it a good few times and sadly I exceeded the limit on Let's Encrypt, so I am blocked for a week.
You're welcome. Ouch, that happened to me as well in the past :D
Y
R
OK, what if you don't know the cluster t12:32 and you want a wildcard cert?
Nice
Thx
Hey, first of all, thanks a lot for the video!
In my case the "Waiting on certificate issuance from order" stays forever!! Any idea what the issue could be?
Take a look at the troubleshooting guides in cert-manager's docs, they help a lot!
Do you know how to include multiple wildcard certificates (Let's Encrypt for external domain & self-signed for internal domain) in Traefik? You can't read the secret (wildcard certificate) which lives in a central namespace from an ingress object in a different namespace. The documentation is unfortunately pretty bad at Traefik :/
You can still manage self-signed certs in cert-manager, so why not do this instead of Traefik?
Nice Tutorial
Do you have any tutorial for setting up free SSL certs in Docker via a docker-compose file!?
I have done a tutorial about Traefik and NPM in Docker, maybe that's helpful to you!
@christianlempa Kindly share the links
Wow, you explained it so nicely that it now seems, as it's called in German: einfach 😅😅
Thank you :D
Another thing to note is that one should specify a different DNS server like gdns or cldflre for cert-manager, as the DNS-01 challenge will be drastically faster and you will then also be able to use split DNS for local DNS resolution of your domain.
Sounds interesting, but I have no idea what you're talking about :D Could you share some more information with me? Maybe in Discord or Mail? Thank you!
Is your domain registrar also Cloudflare?
Yes for some domains
Can you make a video on how to set up HAProxy as a reverse proxy for a home server, like for Plex, etc.?
Maybe, I'll need to check ;)
I have a question, can you help?
The "name: example-issuer-account-key" is unclear.
This was an absolute pain, but not your fault. GKE was not cooperating lol. Besides, in my case I had to specify the namespace of cert-manager for the Cloudflare API key in order for it to work. Just letting you know guys
Where's Traefik?
Can you do DevOps pls. // Leave Linux and version control, we already have a lot of videos // Help me out for a junior DevOps role.
Why leave out these great topics?
fyi CRDs = Custom Resource Definitions, not Role
Oh yep that’s true xD
Thank you, very good! Is there a way you could share the file nginx-test.yml please?