K3S + Nginx + Cert-Manager + LetsEncrypt | HTTPS for your Kubernetes (K8s) Cluster | Tutorial

แชร์
ฝัง
  • เผยแพร่เมื่อ 27 พ.ย. 2024

ความคิดเห็น • 57

  • @CloudVersityOfficial
    @CloudVersityOfficial  3 ปีที่แล้ว +1

    I just recognized, that I linked to the wrong Twitter profile in this video :D
    🔥 Social Media 🔥
    Twitter ► twitter.com/cloud_versity
    Instagram ► instagram.com/cloudversity

  • @Izbogud
    @Izbogud 2 ปีที่แล้ว +3

    One more fan here! I think it is really awesome that you are not editing out the problems you stumble upon while doing the demo (like the rate limit here).
    This is so much better than following the happy path only - not only it is more realistic but it also shows that people shouldn't be discouraged when they stumble upon some unexpected problems as this is a perfectly normal thing and it happens to others as well.
    And for the intro - it was great in my opinion, as it is much more helpful to explain the principle correctly instead of worrying about fancying it up.
    Keep those videos coming, as others have mentioned - your explanations are simple and combined with your calmness - it is pleasure to listen as you present!

    • @CloudVersityOfficial
      @CloudVersityOfficial  2 ปีที่แล้ว +1

      What an awesome feedback! Thanks a lot for your kind words.

  • @MichaElonVideo
    @MichaElonVideo 2 ปีที่แล้ว +2

    haaa durch zufall entdeckt! genau mein thema!

  • @deepanshubatra3235
    @deepanshubatra3235 2 ปีที่แล้ว +1

    Very well Explained , Though one can find many tutorials about this topic over internet but the way you explained with calmness and simplicity is really nice... gut gemacht:)

  • @codelinx
    @codelinx 8 หลายเดือนก่อน

    Such a great video. Very well explained and good pacing.... Thanks!

  • @christophern.9049
    @christophern.9049 3 ปีที่แล้ว +3

    Wie immer einfach erklärt, danke!

  • @jhonatanrmagalhaes
    @jhonatanrmagalhaes 2 ปีที่แล้ว +1

    Hello, you gained one fan over here, please post more videos, they are very helpful !! Thank you

    • @CloudVersityOfficial
      @CloudVersityOfficial  2 ปีที่แล้ว

      Hej "nerd" (username checks out) ;)
      Thanks for the kind words. I'll try to ramp up the amount of videos next year. I currently have a lot of privat stuff going on which really limits the time I can spend on this channel :/

  • @jdubeau007
    @jdubeau007 2 ปีที่แล้ว +1

    Your videos have convince me to try out K3s. I'm working on KCAD and have setup k8 on different provides including linode.
    I love spinning up linux server on linode to test code out.

    • @CloudVersityOfficial
      @CloudVersityOfficial  2 ปีที่แล้ว

      Yeah, Linode is a great platfrom to get started. Glad to hear that I convince more people to try out Rancher's k3s =)

  • @JakubWosyka
    @JakubWosyka 3 ปีที่แล้ว +2

    Good job again. I did it the same way not long time ago. Next topic? How to change LB in K3S for custom one (nginx, traefik, caddy - does caddy exist for k8s?) and some useful setup example like force one route to http1.1 for websocket, set other for http2 http3 quik. Load balancing, logs, reverse proxy.
    Or at least how to setup LB to force SSL for rancher demo to slighly extend the topic you have just choosen.
    Cheers

    • @CloudVersityOfficial
      @CloudVersityOfficial  3 ปีที่แล้ว +2

      Enforce SSL acurally could've been part of that video. Would've been just one line of annotation. But I missed it. I can think of doing this together with different LB and or ingress controllers. Like a video with a comparison like character.

    • @JakubWosyka
      @JakubWosyka 3 ปีที่แล้ว

      @@CloudVersityOfficial Great. I tried different lines within annotation based on docs but it did not work for me. If you can make video with different LB providers (nginx + default k3s traefik) it would be really great. thank you

    • @JakubWosyka
      @JakubWosyka 2 ปีที่แล้ว

      @@CloudVersityOfficial Hi, I have come back if you already revealed that one magic annotation line. How to force traefik to use https only? Is there annotation line to redirect http to https? Thanks

    • @JakubWosyka
      @JakubWosyka 2 ปีที่แล้ว +1

      Hi again, I am sorry to possilby confuse you with Traefik. You switched it for Nginx in the first video and I missed that. I tried it again with nginx and maybe something has already changed since you made this video. I am using v1.22.6+k3s1 + certmanager v1.7.1 + ingress-nginx/controller-v1.1.1. I had an issue where nginx served 404 for all of your demos. If I added this line to ingres.yaml file, all started to work again >>> ingressClassName: nginx

    • @CloudVersityOfficial
      @CloudVersityOfficial  2 ปีที่แล้ว

      @@JakubWosyka Yep, you are right this tutorial is a little out dated because of the latest Kubernetes changes (v1.22). You need to specify the ingressclass or you can set it globally, so you don't need to annoate each ingress. The documentation on the ingress nginx website has already been changed.
      I also ran into it :D

  • @MaximYalagin
    @MaximYalagin 2 ปีที่แล้ว

    Cool point I was trying to get all of this without installing the nginx ingress and spend half of week wondering why it’s not working and your video help me point on that prerequisite:) thanks

  • @tecali39
    @tecali39 11 หลายเดือนก่อน

    Thank you for this efforts I like your explanation method 😊

  • @Ealendir
    @Ealendir ปีที่แล้ว

    the next time, if the web and the terminal have a bigger font it will look much better! Tnx for the tutorial.

  • @itsmenoor
    @itsmenoor ปีที่แล้ว

    you are a life saver.. kudos!

  • @nayakvinutha
    @nayakvinutha 2 ปีที่แล้ว

    Thanks a lot ! Found it really very helpful !

  • @Prof_Y
    @Prof_Y 3 ปีที่แล้ว +2

    Super hilfreich. Danke

  • @oldcmputer
    @oldcmputer ปีที่แล้ว

    Great video. Will you do a DNS challenge solver tutorial soon? Would love to see that.

  • @rsrini7
    @rsrini7 2 ปีที่แล้ว +1

    Super Cool. Thanks.

  • @amjds1341
    @amjds1341 2 ปีที่แล้ว +1

    Lovely video. How do we setup auto cert renewal via certs manager?

    • @CloudVersityOfficial
      @CloudVersityOfficial  2 ปีที่แล้ว

      Thank you =)
      Cert-Manger takes care of that. The default is a certificate which is valid for 90 days and will get a renew15 days before expiry. You can tweak those settings to your liking. Let me point you to the specific part of the documentation > cert-manager.io/docs/usage/certificate/#creating-certificate-resources

  • @abhishekshetty89
    @abhishekshetty89 2 ปีที่แล้ว

    Well explained 🙌

  • @georgelza
    @georgelza 3 ปีที่แล้ว +1

    busy watching... thanks...
    question, you using nginx for ingress, any chance you can do a update of thes video, but rather use ISTIO for ingress.

    • @CloudVersityOfficial
      @CloudVersityOfficial  3 ปีที่แล้ว +2

      I'll add it this to my todo list, but Istio is a lot more complicated but I wanted to make a video about service meshes anyway. ;)

  • @yashkumar-d9o
    @yashkumar-d9o ปีที่แล้ว

    great video

  • @farhanyousaf5616
    @farhanyousaf5616 2 ปีที่แล้ว +1

    Will you be doing more videos? This is really good content.

    • @CloudVersityOfficial
      @CloudVersityOfficial  2 ปีที่แล้ว +2

      Thank you =) Yeah there is more content coming. There was just a too much hassle in december ;)

    • @farhanyousaf5616
      @farhanyousaf5616 2 ปีที่แล้ว

      @@CloudVersityOfficial One thing I would like to see is how operators work, and how to install minio using operators with helm. I played around with it, but the pods kept in pending mode looking for local-storage.

    • @CloudVersityOfficial
      @CloudVersityOfficial  2 ปีที่แล้ว +1

      @@farhanyousaf5616 Interesting, I also used minio in the past as an on-prem object storage (w/o the operator). This is probably pretty specific for a dedicated video. Did you check the requirements for the storageclass and the amount of storage for your pv and pvc? They are really specific github.com/minio/operator#tenant-storage-class

    • @farhanyousaf5616
      @farhanyousaf5616 2 ปีที่แล้ว

      @@CloudVersityOfficial I didn’t get that far but plan to do another hacking session on this. Will keep you posted. If/when I get it working I’d be happy to share the details.

  • @SanjeevKumar-nq8td
    @SanjeevKumar-nq8td 2 ปีที่แล้ว

    👏 I see following error : Existing issued Secret is not up to date for spec: [spec.dnsNames] where could the issue be any hint. Thank you

  • @ziaurrehman4738
    @ziaurrehman4738 3 ปีที่แล้ว

    How to use dns solver with wildcard and ambassador tlx context

    • @CloudVersityOfficial
      @CloudVersityOfficial  3 ปีที่แล้ว

      Damn, I really forgot to mention this part. It's done automatically, Cert-Manager will do that for you. The certificates are valid for 90 days and 30 days before their expiration, Cert-Manager will start trying to renew for a month. :)
      You can overwrite those values if you like.

    • @ziaurrehman4738
      @ziaurrehman4738 3 ปีที่แล้ว

      Thanks and please make video on dns solver with wild card using ambassador

  • @SagarMalla-c3t
    @SagarMalla-c3t ปีที่แล้ว

    😇😇😇🥰🥰😍

  • @ziaurrehman4738
    @ziaurrehman4738 3 ปีที่แล้ว

    How to renew cert automatically

    • @CRuas-vu9xo
      @CRuas-vu9xo 3 ปีที่แล้ว

      Good question... :)

    • @ziaurrehman4738
      @ziaurrehman4738 3 ปีที่แล้ว

      Cert manager auto renew. So you don't need to worry about it.

    • @CRuas-vu9xo
      @CRuas-vu9xo 3 ปีที่แล้ว

      @@ziaurrehman4738 Well, not for me.

    • @ziaurrehman4738
      @ziaurrehman4738 3 ปีที่แล้ว

      Did you check your email is active which is attach to let's encrypt for challenge accept

    • @CRuas-vu9xo
      @CRuas-vu9xo 3 ปีที่แล้ว

      @@ziaurrehman4738 Yes it is, I received the email about the expiring certificate but didn't renew.

  • @einfacherkerl3279
    @einfacherkerl3279 2 ปีที่แล้ว +5

    look bro! let's be honest. you are cute, no questions, but that doesn't mean that you keep the camera focused on you for like 6 minutes in beginning of every video. I came here for k3s not for cuteness! use slides, pictures and diagrams instead of just speaking about it

    • @CloudVersityOfficial
      @CloudVersityOfficial  2 ปีที่แล้ว +2

      Thank you for the feedback. Will keep that in mind. To be honest, I think this is the only video with such a long intro. You can skip ahead by using the timestamps.
      Cheerio.

  • @180doman
    @180doman 2 ปีที่แล้ว

    No offense but i think someone interested in k8s clusters, who was able to setup k3s doesn't need explanation of such basic thing like https :D

  • @amitbhoyar5119
    @amitbhoyar5119 2 ปีที่แล้ว

    how to renew ssl certificate automatically

    • @CloudVersityOfficial
      @CloudVersityOfficial  2 ปีที่แล้ว

      Damn, I really forgot to mention this part. It's done automatically, Cert-Manager will do that for you. The certificates are valid for 90 days and 30 days before expiration, Cert-Manager will start trying to renew it for you. :) You can change these values to your liking, just take a look at the documentation. For me the default is just fine.