Kubernetes - Manage TLS Certificates, CA, Certificate Signing Request CSR, Signers, Usage
ฝัง
- เผยแพร่เมื่อ 15 ก.ค. 2024
- Kubernetes - Manage TLS Certificates, CA, Certificate Signing Request CSR, Signers, Usage
Chapters
00:00 About
00:08 Https - TLS
02:30 1st TCP - Connection
03:32 2nd TLS Handshake
05:03 CA Types
07:19 Certificate Signing
09:50 Kubernetes CA About
12:54 Kubernetes Various CAs
15:58 Kubernetes Certs & Its CA mapping
17:57 Kubernetes Components and Its certs
19:56 How Kubelet gets certificate for node
22:53 Kubernetes TLS Communication types
31:17 CSR Manifest Explanation
35:54 CSR signers
36:23 CSR Key Usage
36:59 CSR commands
37:31 CSR with Custom CA steps
39:36 CSR Use Case
40:40 CSR Demo 1
52:45 CSR Demo 2
Liinks:
kubernetes.io/docs/reference/...
kubernetes.io/docs/tasks/tls/...
github.com/kubernetes/enhance...
github.com/kelseyhightower/ku...
serverfault.com/questions/970...
CKS playlist: • Certified Kubernetes S...
Connect with me on Slack: join.slack.com/t/learnwithgvr...
Like, Comment & Subscribe Learn with GVR
#cks #kubenetes #kubernetessecurity #k8s #learnwithgvr
Excellent explanation with all your expertise, Dear GVR. I'm sure this content of yours will stay at the top among all for many more years. Thank you for making it easy to understand.
My pleasure, keep learning
Thank you so much for this great tutorial; I had a problem with my headphones
Thanks for the feedback, keep learning
this is great work. you are a life saver. keep it coming!
Thank you 👍
Awsome content. One of the best video I have ever seen in TH-cam on this topic
Thank you pls subscribe and keep learning
Great tutorial done with zeal and genuine desire to share.
Thank you for this Venkat!
Thank you
Very good information. Much needed.
Thank you
Excellent explanation. Thanks a ton !
Thank you for the feedback,👍
Good one with good insight on K8 certificates & secure communication
Thank you and keep learning
Amazing work, Venkat! 👌🏻👌🏻👌🏻
Thanks a ton
Amazing tutorial on K8Certs. Really superb. First 40 minutes are really outstanding but from there I felt little complicate. May be too much depth of k8. Thank you very much for your great efforts. 🤗
Thanks Bro ..keep learning
Gem 💎 of an explanation
Thank you Prashant
Best tutorial to understand kubernetes certificates.
Thank you Pravin... Please watch my other videos yoo
Thank you Venkat for this hard work & sharing this valuable knowledge.
My pleasure Pravin
Super video GVR sir ,you are the best Teacher
My pleasure
Really excellent explonation....so far i have not seen this kind of explonation in TH-cam....keep going and do more videos.....
Thanks a ton, i will
Excellent video , keep making such good videos. Thanks Venkata
Thank you Durgarao
Keep making videos someday you will beat UDEMY we like depth content. thanks GVR.
My pleasure
awesome content man..well explained, thanks
Glad to hear the feedback. Thank you Suraj, keep learning
Very resourceful. Thank you for putting in the time and effort.
Note: I quite new to administering/managing certificates and there's not alot of resources to dumb it down to newbies. Your video did alot for me.
Quick question: I have a wild card SSL certificate that was issued by an approved CA.
My use case is to have this in my kube cluster and managed by cert-manager. thus certmanager will issue subdomain certs as required.
How do I; if possible, create a CA certificate using my existing wild card SSL cert to achieve this?
Thanking you
Thanks for your feedback.
For your question, you have to provision kubernetes cluster manually (just google it..kubernetes hard way github), there you can create your own CA for entire cluster. To create CA from wildcard certificate... you have check 2 things...
1) contact your actual CA, get Intermediate CA,
2) use that Intermediate CA and provision k8s cluster
Its complicated use case...just try to see how the setup done for EKS or AKE ot GKE clusters how they setup their CA's
Thanks for this video, Venkat! It is very informative and well detailed.
Question: I have to secure inter pod communication (not with api server) in my cluster. Could I use CSR for this need?
CSR is kubernetes resource type, allows any client to issue x.509 certificate with some Signer, then you will be using that signed certficate to/from communication with Kubernetes API server.
What is your use case? if your one of the service being used as webhook for admission controller then you need CSR.
Refer the video from here: th-cam.com/video/OHmgb7h-2-g/w-d-xo.html
@@learnwithgvr Thanks for a quick response.
Use case: I have to host a http server to which clients can upload and download files. All clients are hosted within the cluster and communication is 100% internal to cluster. I plan to use self signed certificate to enable tls in this setup. To save effort in adding cert to CA of all the clients, I am exploring CSR option.
Bro superb teaching looking for RBAC service
Thank you and please look at my RBAC video
th-cam.com/video/CTtfxsqCIdw/w-d-xo.html
would like to see CA rotation video incase cluster kube admin config was compromised how it could be rotated
Thank you & Appreciate your Suggestions.
CA rotation detailed steps in documentation. Will try video
kubernetes.io/docs/tasks/tls/manual-rotation-of-ca-certificates/