Automatically Provision TLS Certificates in K8s with cert-manager

  • Added on 6 April 2018
  • Have you ever forgotten to renew a TLS Certificate and your users saw an expired Certificate warning? Or do you find dealing with TLS Certificates and Certificate Authorities really tedious? Then this is the right video for you!
    Learn how to automate the provisioning of TLS certificates with a Kubernetes tool called cert-manager by Jetstack. At the same time you'll learn a bit about Kubernetes CustomResourceDefinitions and how they interact with Controllers.
  • Science & Technology

Comments • 22

  • @dasgoll 6 years ago +4

    Great video. Can't wait for the letsencrypt one :)

  • @trentzhou9897 5 years ago

    Great talk. It's very helpful. Thank you.

  • @fastpost5068 3 years ago

    This is a great video. Thank you!

  • @praveenchandran2355 5 years ago +1

    Nice video. In a case where you don't trust your internal network, how do you encrypt the traffic between the ingress and the service itself? I mean end-to-end encryption?

  • @MrBlanky666 4 years ago

    Great video, thanks!

  • @yigalyiga1667 1 year ago

    Love your videos, please create more stuff related to k8s

  • @olva 5 years ago +1

    Thank you Soooooooooooooooo Much :)

  • @jorgeg3567 4 years ago

    Very good! Thanks!!!

  • @javagom1 4 years ago +1

    (3:40) in order to disable webhook...
    helm install --name cert-manager --namespace kube-system --set rbac.create=true --set webhook.enabled=false stable/cert-manager

  • @chuchodavidx 2 years ago +1

    How do you modify a command line with vim? I mean, you have something written in your terminal and you jump straight to vim to edit it. How do you do that?

  • @elkevindeveloper2630 4 years ago

    I always ask myself how he got that knowledge; idk if he has read the RFC of TLS or got it by reading blogs? Would anyone recommend the best way? I always end up reading the RFC, but in the end some keywords cannot be understood at all. Thanks

  • @LemontJap2k 2 years ago

    For the last part, how can we verify using `curl`? Otherwise, nice and very informative, helpful video

  • @tapaschakraborty6994 6 years ago

    Last step does not create secret for me, also the events are showing blank for me. FYI - It created certificate successfully but not secret. Am I doing something wrong?

  • @fongfong2131 4 years ago +1

    Great video! Thanks! Do you have any example of a Spring Boot app using an embedded Tomcat server, deployed to Kubernetes, working with an HTTPS cert? We use the keytool Java command to export and import the key store etc. Thanks!

    • @kubucation 4 years ago +2

      The beauty of containerization and kubernetes is that the processes work regardless of the implementation inside the containers. So, what's shown in the video will also work with a Java/Tomcat based app. You should decide if it's sufficient for your use case that TLS termination happens at the level of the ingress controller (this means traffic inside the cluster is not encrypted). Because then the process outlined here (or a similar one in the GKE ManagedCert video) works without any changes. If you absolutely need TLS termination to happen inside your container (all traffic, even inside the cluster is encrypted) then you can probably still use cert-manager to do so. Cert-manager is mostly an automation tool around completing the required Let's Encrypt challenges. As shown in the vid, the final cert once obtained is saved in a Kubernetes Secret. You can mount this secret (like any other k8s secret) to your application pods if you want. This then means that you effectively have both the private key as well as the .crt file available in your app. I'm not a Java dev (and not familiar with Tomcat), but I assume once you have those files (which is the hard part, as only the CA can sign the Cert) you can easily use them inside your containers. After all, from the perspective of the container (and this is another thing that makes this process so beautiful) it just happens to live in the local file system - without having to know where it came from :) Hope this helps a bit, for further info I'd recommend you to get familiar with the cert-manager docs. Best of luck!
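
The mount described in the reply above, as an added example that is not from the video or from the cert-manager project: a Deployment that mounts the Secret holding the issued certificate into the application pod, read-only. The names `my-app` and `my-app-tls`, the image, the port and the mount path are assumptions; `tls.crt` and `tls.key` are the standard keys of a `kubernetes.io/tls` Secret.

```yaml
# Added example: all names below are hypothetical placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        fsGroup: 1000            # mounted files become group-owned by GID 1000
      containers:
        - name: my-app
          image: registry.example.com/my-app:1.0   # placeholder image
          ports:
            - containerPort: 8443                  # app terminates TLS itself
          volumeMounts:
            - name: tls
              mountPath: /etc/tls   # app reads /etc/tls/tls.crt and /etc/tls/tls.key
              readOnly: true
      volumes:
        - name: tls
          secret:
            secretName: my-app-tls   # Secret written by cert-manager for the Certificate
            defaultMode: 0440        # owner and group read only, no world access
```

When the certificate is renewed, the kubelet refreshes the mounted files (not for `subPath` mounts), but the application still has to reload them to serve the new certificate.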

  • @maureenlofgren8695 1 year ago +1

    How do I https 2 dots on my phone

  • @RA-ir8qd 2 years ago

    great vid

  • @CNRkl12 3 months ago

    Will it fix tls cert error 509 bunch of ips?

  • @maureenlofgren8695 1 year ago

    Great video says I won a car

  • @pizza-cat1337 4 years ago +1

    now more simple, cert-manager.io/docs/installation/kubernetes/ Verifying the installation example with self cert

  • @MonsterSmart 3 years ago +2

    I can hear mechanical keyboard ;)