Self signed Kubernetes SSL certificate // easy guide

The only certificate, that is self signed, is the certificate of the CA (as with every Root CA). So the rest of the certificates like the one for your nginx is a signed certificate - it’s signed by a non public CA but it is not self signed.
But despite of this detail your explanation is very useful for getting better view on certificates in common and on Kubernetes in particular.

Hey Christian, hopefully you have enjoyed your holidays!
Thanks for this video and good explanation! In my opinion all of your tutorials are really valuable. Keep on going this good work and as we can see, your community is growing and growing... :-)

To everyone who wondered which tool was used to draw the ascii diagram @11:47 …
Not exactly sure which particular one did Christian use (would be nice to know), but such diagrams can be created with tools like ‘asciiflow’ and ‘asciio’

Sounds like a bit complicated, but your delivery is quite clear, and I would give it a try on my home lab! Thanks!

You can use kubectl create secret with -from-file flags to upload the contents. I haven’t tried it from windows though

Thank you! Quick and precise.

This video es super clear. Could you please tell us which software do you use to show the Architecture Diagram (from Powershell)?

Hi, thanks for the amazing contents! Could you also share the name of the tool that you use for drawing the diagram in markdown?

This is super awesome. Keep going !

Thank you ! Best teacher

you can use stringData instead of data in your secret manifest and paste multiline pem certs instead of base64 string

LabCA is also an interesting one , it's actually a community build of Boulder , the same ACME CA backend used by Let's Encrypt

Followed and subscribed. Thanks for your guidance.

Hi, your tutorials helped me a lot. can you do a tutorial about hosting gristlabs/grist with portainer. please?

Thx, bro! U are my hero)

What an awesome guide and very clear on the steps, thanks for your time. I followed the steps but i end up with this error message "message: 'Error getting keypair for CA issuer: certificate is not a CA'" when creating the cluster issuer which isn't the case in your video. What am i missing? Thanks again for the time invested

This works but there is also the option of having certmanager automate creating the self signed certificate and secret.

Great guide. I've followed it but made some changes. I created an intermediate certificate signed by my Active Directory root CA and uploaded the chain to cert-manager. It's working great. I wanted to change the certificate of Rancher and Portainer, but Helm installation automatically creates an Issuer for the namespace, so I don't know exactly how should I change them.

HI , This tutorial is good . thanks lot for sharing info . when i try to install cert-manager using helm ... cert-manager helm status shown as pending-install and my kuberates version v1.23.3... can you share your suggestion on this

This video give a super clear explanation about issuer and certificate.
Is it right to say that the benefits over let’s Encrypt certificate is to be more independent as we do not expose it to internet?

Hi, can you make a tutorial how to redirect IP address automatically to domain When using nginx proxy manager to manage containers reverse proxy.

Thank you for the video.
I am trying to secure a mosquitto broker using k8s cluster and exposed with a loadbalancer, can this implementation be used to secure the mqtt connection?

Hi Christian, I have weird question) How you did scheme on timeline 11:46 ?

Is there any way to have ssl certificates inside twingate in this kubernetes environment?

diagram at 12:00, did you use some tool, or made it manually?
about base64 and secrets, just use stringData insead of data and put them straight into the secret, no need to encode them

How to manage windows server data real time backup i can purchase to servers

Which VSC theme & font are you using?

I followed the exact tutorial, but traefik is unable to find the middleware, saying it doesnot exist.
Can anyone help on this??

Base64: from a stackOverflow answer this should be the solution and I also had to use certutils for importing a certificate to ADS in Windows Server 2012:
> Windows comes with certutil.exe (a tool to manipulate certificates) which can base64 encode and decode files.
> certutil -encode test.exe test.txt
> certutil -decode test.txt test.exe
Additional M$ has a documentation "Convert file to Base64 string format" with this one-liner:
> [convert]::ToBase64String((Get-Content -path "your_file_path" -Encoding byte))

Tried this method, doesn't work. Had an issue with the RSA structure being too large after encoded. Just a heads up.

Use git-bash or WSL2 instead.

Bro all we care about is whether or not an American style Kölsch counts as a REAL Kölsch.

Shell theme is so cool.
Could someone please help me with the name of the theme

how to base64 in powershell?
docker run -it bash XD

Doing it under windows -> install wsl2 and use linux there 😂

SSL Certificate and Easy Guide should never be used in the same statement

How can I contact you +

i have tried using in windows using physical location it worked for me to convert self-signed certificate > cat C:\\Users\\username\\ca.crt | base64 -w 0

May be you can try like this for encoding with Base64 with Powershell
Encoding:
$Cert = ‘This is a secret'
$Bytes = [System.Text.Encoding]::Unicode.GetBytes($Cert)
$EncodedText =[Convert]::ToBase64String($Bytes)
$EncodedText

You can try this for PowerShell Core:
[Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(@(Get-Content ca.crt)))