Excellent explanation with all your expertise, Dear GVR. I'm sure this content of yours will stay at the top among all for many more years. Thank you for making it easy to understand.
Amazing tutorial on K8Certs. Really superb. First 40 minutes are really outstanding but from there I felt little complicate. May be too much depth of k8. Thank you very much for your great efforts. 🤗
Thank you & Appreciate your Suggestions. CA rotation detailed steps in documentation. Will try video kubernetes.io/docs/tasks/tls/manual-rotation-of-ca-certificates/
Very resourceful. Thank you for putting in the time and effort. Note: I quite new to administering/managing certificates and there's not alot of resources to dumb it down to newbies. Your video did alot for me. Quick question: I have a wild card SSL certificate that was issued by an approved CA. My use case is to have this in my kube cluster and managed by cert-manager. thus certmanager will issue subdomain certs as required. How do I; if possible, create a CA certificate using my existing wild card SSL cert to achieve this? Thanking you
Thanks for your feedback. For your question, you have to provision kubernetes cluster manually (just google it..kubernetes hard way github), there you can create your own CA for entire cluster. To create CA from wildcard certificate... you have check 2 things... 1) contact your actual CA, get Intermediate CA, 2) use that Intermediate CA and provision k8s cluster Its complicated use case...just try to see how the setup done for EKS or AKE ot GKE clusters how they setup their CA's
Hi Venkat, Thanks for video. Just simple quesition - why did the venkat user you created did not get permission to list pods in the end? It was saying forbidden.
Sorry for late reply, good point, here something wrong with RBAC role, role binding permissions which i missed due to video legth not extended, need to grant necessary permissions to namespace, after that it will work as expected. Here my idea to show how the dedicated user will be created with K8s signer.
Thanks for this video, Venkat! It is very informative and well detailed. Question: I have to secure inter pod communication (not with api server) in my cluster. Could I use CSR for this need?
CSR is kubernetes resource type, allows any client to issue x.509 certificate with some Signer, then you will be using that signed certficate to/from communication with Kubernetes API server. What is your use case? if your one of the service being used as webhook for admission controller then you need CSR. Refer the video from here: th-cam.com/video/OHmgb7h-2-g/w-d-xo.html
@@learnwithgvr Thanks for a quick response. Use case: I have to host a http server to which clients can upload and download files. All clients are hosted within the cluster and communication is 100% internal to cluster. I plan to use self signed certificate to enable tls in this setup. To save effort in adding cert to CA of all the clients, I am exploring CSR option.
![Certifik8s: All You Need to Know About Certificates in Kubernetes [I] - Alexander Brand, Apprenda](/img/n.gif)
Excellent explanation with all your expertise, Dear GVR. I'm sure this content of yours will stay at the top among all for many more years. Thank you for making it easy to understand.
My pleasure, keep learning
Best tutorial to understand kubernetes certificates.
Thank you Pravin... Please watch my other videos yoo
Thank you so much for this great tutorial; I had a problem with my headphones
Thanks for the feedback, keep learning
Really excellent explonation....so far i have not seen this kind of explonation in TH-cam....keep going and do more videos.....
Thanks a ton, i will
Great tutorial done with zeal and genuine desire to share.
Thank you for this Venkat!
Thank you
Awsome content. One of the best video I have ever seen in TH-cam on this topic
Thank you pls subscribe and keep learning
Good one with good insight on K8 certificates & secure communication
Thank you and keep learning
Excellent video , keep making such good videos. Thanks Venkata
Thank you Durgarao
Amazing tutorial on K8Certs. Really superb. First 40 minutes are really outstanding but from there I felt little complicate. May be too much depth of k8. Thank you very much for your great efforts. 🤗
Thanks Bro ..keep learning
Excellent explanation. Thanks a ton !
Thank you for the feedback,👍
Thank you Venkat for this hard work & sharing this valuable knowledge.
My pleasure Pravin
Super video GVR sir ,you are the best Teacher
My pleasure
Very good information. Much needed.
Thank you
this is great work. you are a life saver. keep it coming!
Thank you 👍
would like to see CA rotation video incase cluster kube admin config was compromised how it could be rotated
Thank you & Appreciate your Suggestions.
CA rotation detailed steps in documentation. Will try video
kubernetes.io/docs/tasks/tls/manual-rotation-of-ca-certificates/
Gem 💎 of an explanation
Thank you Prashant
Bro superb teaching looking for RBAC service
Thank you and please look at my RBAC video
th-cam.com/video/CTtfxsqCIdw/w-d-xo.html
Amazing work, Venkat! 👌🏻👌🏻👌🏻
Thanks a ton
Very resourceful. Thank you for putting in the time and effort.
Note: I quite new to administering/managing certificates and there's not alot of resources to dumb it down to newbies. Your video did alot for me.
Quick question: I have a wild card SSL certificate that was issued by an approved CA.
My use case is to have this in my kube cluster and managed by cert-manager. thus certmanager will issue subdomain certs as required.
How do I; if possible, create a CA certificate using my existing wild card SSL cert to achieve this?
Thanking you
Thanks for your feedback.
For your question, you have to provision kubernetes cluster manually (just google it..kubernetes hard way github), there you can create your own CA for entire cluster. To create CA from wildcard certificate... you have check 2 things...
1) contact your actual CA, get Intermediate CA,
2) use that Intermediate CA and provision k8s cluster
Its complicated use case...just try to see how the setup done for EKS or AKE ot GKE clusters how they setup their CA's
Its 💎. Thanks alot
Thanks Bro
Hi Venkat,
Thanks for video. Just simple quesition - why did the venkat user you created did not get permission to list pods in the end? It was saying forbidden.
Sorry for late reply, good point, here something wrong with RBAC role, role binding permissions which i missed due to video legth not extended, need to grant necessary permissions to namespace, after that it will work as expected. Here my idea to show how the dedicated user will be created with K8s signer.
awesome content man..well explained, thanks
Glad to hear the feedback. Thank you Suraj, keep learning
Keep making videos someday you will beat UDEMY we like depth content. thanks GVR.
My pleasure
Thanks for this video, Venkat! It is very informative and well detailed.
Question: I have to secure inter pod communication (not with api server) in my cluster. Could I use CSR for this need?
CSR is kubernetes resource type, allows any client to issue x.509 certificate with some Signer, then you will be using that signed certficate to/from communication with Kubernetes API server.
What is your use case? if your one of the service being used as webhook for admission controller then you need CSR.
Refer the video from here: th-cam.com/video/OHmgb7h-2-g/w-d-xo.html
@@learnwithgvr Thanks for a quick response.
Use case: I have to host a http server to which clients can upload and download files. All clients are hosted within the cluster and communication is 100% internal to cluster. I plan to use self signed certificate to enable tls in this setup. To save effort in adding cert to CA of all the clients, I am exploring CSR option.