Kubernetes - HTTPS ingress controller with your own TLS certificate

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] hey everyone my name is kunal and i'm a developer advocate at civo and in this video i'm going to show you how you can set up your own certificates for ingress so when deploying to kubernetes there can be various scenarios where you would want to use your own tls certificates for ingress rather than let's encrypt or some external provider and in this video we're gonna see how you can do that so the step one is we're gonna first create a sibo uh kubernetes cluster so i can just say cevo k3s create here we did not provide a name so it's gonna automatically you know give us a name for the for the cluster so as you can see the cluster silent surf has been created and it's given it a random name because we did not specify the name but you can do that as well and if you will just refresh it over here you can see that the cluster would be creating just a three node cluster and it's going to take under 90 seconds to be created over here so as you can see our cluster is now running and i can download the cubeconfig file via the dashboard as well or you can use the cocli using c4k3s config and you can download the config for this cluster and you can save it locally as well so i'm saving it in the project folder on my desktop as tlsdemo.config now what i'm going to do is i'm going to export the cubeconfig like i'm gonna add it to my environment uh because if you don't specify the path it's gonna be added to the default location which is dot cube slash config so i'm just gonna export the variable as well i'm gonna say cube cut will get nodes as you can see i can get the three nodes for my cluster that is running right now silence of available over here now let's move on to creating certificates for this tutorial we're going to create a self signed certificate with open ssl but in a real world scenario you can you know you should use a signed certificate from a certified authority and you can for this particular demo make sure you have open ssl installed and make sure you run this command open ssl req and the command that is listed on the screen um also one more thing i want to make sure you understand is that you have to replace this obviously with the your own dns name that you can find on the dashboard so i'm just going to click on this so as you can see it has now generated a private key for us okay um if you're not looking forward to like with the with the dashboard you can also get it using the command c okay it show the cluster name so you can get the dns name over here as well this is going to be important it's going to be using using quite a lot of a lot of this so make sure you have noted it down now in order to use the key that was generated in the previous step we're going to have to create a cuban it is a tls secret for that so this secret will be used later when we work with ingress so you can just create the tls secret so as you can see it has been created in order to make sure like it's working properly we're getting the expected outcome we're gonna be using the standard hello world uh you know application image so i'm just gonna create a deployment related to that i'm gonna create a deployment demo i'm just gonna give it a simple hello world um application so you can see my deployment has been created now we're going to just expose our deployment as a service it's exposed now the next thing we need to do is we need to create uh the the ingress with tls so co communities ships with uh traffic as the default ingress controller so you can directly create the the ingress with that so i'm just going to create a yaml file in this dot yaml i'm going to go inside that i'm gonna paste my my code over here again make sure you're replacing this with your uh you know cluster dns name and i think that's uh good to go cool so we can just say cube cutter apply ingress you can see it's going to create that since that has been created and now we can verify it using cube curl get ingress there you go we have verified the creation of it we already get a dns with the kubernetes co cubing it is cluster so we can just test it using the curl command and obviously you have to replace this uh string with your own domain like dns name so we're just going to click on this it's going to show us a little bit yeah there you go hello world it's showcasing us so this is you know like you're using the server certificate section over here as well where is it there you go there we have the requested information cool and when we did the curl thing so we got the um output for that as well which is hello world that's pretty much about it so this is how you can use um self-signed certificates for ingress let us know in the comment section below if you have any questions you can also reach out to us on the sibo community slack or on twitter and we'll be happy to help you out have a great day [Music]

Info

Channel: Civo

Views: 17,712

Rating: undefined out of 5

Keywords:

Id: lx173fwwsZk

Channel Id: undefined

Length: 5min 19sec (319 seconds)

Published: Tue Feb 15 2022