No video
Free SSL Certs in Kubernetes! Cert Manager Tutorial
Рет қаралды 57,602
Күн бұрын
@0xb1b18 Жыл бұрын
This video is stunning, as are all of your videos. You are actually explaining complicated concepts in simple terms, delivering knowledge to your viewers. Much appreciated!
@christianlempa Жыл бұрын
Thank you so much :)
@raphaelschmidt3465 Жыл бұрын
Hi Christian, trying to follow your tutorial, but what exactly is "example-issuer-account-key"?
@TerrorByteTW Ай бұрын
1 year late to the party, but this value is the name of a secret that cert-manager will generate for you (It's pretty poorly documented, in my opinion). This secret contains a private key that is used to automatically register for a Let's Encrypt account to identify you. This, in turn, allows them to know who is requesting certificates and prevent abuse. You can name it whatever you want, it's just a name to allow you to easily identify what the secret is for.
@christian15213 2 жыл бұрын
OMG i can't thanking you enough for this video. I have watched it 100 times. Clutch.
@aceisastud 2 жыл бұрын
Nice work man. I appreciate it as I have been overthinking TLS for awhile now and your video helped to simplify it for me.
@christianlempa 2 жыл бұрын
Thank you! 😀
@dedpossum66 2 жыл бұрын
Very useful! I've tinkered around with this quite a bit and honestly the http challenge stuff is quite a pain.
@mananalosubo Жыл бұрын
Muchas gracias. Estoy aprendiendo kubernetes y cada vez me motiva mas aprenderlo porque me hace las cosas mucho mas faciles que docker y portainer. Ademas de que lo siento más rápido en todos los aspectos.
@lva98 2 жыл бұрын
I use cert manager + ingress for a long time, but its the first time that I understand how to troubleshooting it
@christianlempa 2 жыл бұрын
Cool! I'm glad it was still useful 😀
@javi_labs3769 2 жыл бұрын
If you want to know what cert-manager is doing you can check the logs of the cert-manager pods with "kubectl logs", I use that to troubleshoot as well (I made a video on how to do this but with duckdns but is in spanish only, for now). I really like the quality of this video and the way it is explained.
@lva98 2 жыл бұрын
@@javi_labs3769 thank you Javi, I'll take a look
@ocheejembi9187 Жыл бұрын
thanks so much, this really helped me understand cert-manager - especially the DNS01 challenge bit.
@mari__b 2 жыл бұрын
great video! I just setup cert-manager + traefik a few days before and was able to verify my steps in my scripts. so thanks for the "missing piece"!
@christianlempa 2 жыл бұрын
You're welcome! :)
@lakshminarasimmanv 2 жыл бұрын
Thanks for the videos. I’ve learnt a lot from you. Keep continuing uploading videos like this.
@christianlempa 2 жыл бұрын
Thanks! Of course I'll do 😀
@esu7116 2 жыл бұрын
Great tutorial, really nice educational content. I have a question: I've noticed that you've disabled 'proxy' at 12:30 ; what if you want to keep it (i.e. keeping a secure connection between *both* the user and CF, and CF and the cluster)? How would you do that? Thanks for the video! 🤩
@christianlempa 2 жыл бұрын
You can of course enable it, I disabled it to show how the cert-manager certificate is working.
@jmac217x Ай бұрын
Great explanation
@randeerlalanga 11 ай бұрын
Your videos are superb, I learned so much
@yahiyaayoub5366 2 жыл бұрын
I really enjoyed the tutorial and thanks a lot, it answers many questions.
@christianlempa 2 жыл бұрын
Thank you! Great it helped you ;)
@yahiyaayoub5366 Жыл бұрын
@@christianlempa Can you please tell me which terminal you use and how did you shortcut the commands of kubectl like kubectl switch to specific namespace
@yahiyaayoub5366 Жыл бұрын
@@christianlempa Also can you please provide any configuration needed when enable proxy on dns record in cloudflare because it is mandatory to use proxy setting for the dns record
@jayglynn7349 5 ай бұрын
Hi, do I have to open port 80 on public rule to make the certificaterequest "true" state ?
@giorgostsilivis6771 Жыл бұрын
you saved my day!
@Spydaw 2 жыл бұрын
Awesome video, very informative thank you. I screwed up when I was trying to setup Argo on my cluster, I deleted and applied it a good few times and sadly I exceeded the limit on Lets Encrypt, so I am blocked for a week.
@christianlempa 2 жыл бұрын
You're welcome. Ouch, that happened to me as well in the past :D
@vishvasthakor3548 2 жыл бұрын
Y R
@unone9220 Жыл бұрын
Would be possible to create a certificate to be used only for a local service ("home lab") but using the cloudflare to answer the dns01 challenge?
@user-xp6kb1rg1h 10 ай бұрын
when we use this for multiple applications, do I need to create seperate namespace for each certificate ?
@christian15213 2 жыл бұрын
do you have to use a dns zone? For example I just want to use the dns that AWS or Azure gives me.
@freibuis Жыл бұрын
ok, what if you dont know the cluster t12:32 and you want wild card cert?
@ramprasd89 2 жыл бұрын
Hey, First of all, Thanks a lot for the video! In my case the "Waiting on certificate issuance from order" stays for ever!! Any idea what the issue could be?
@christianlempa 2 жыл бұрын
Take a look at the troubleshooting guides on cert-managers docu, they help a lot!
@gnub 6 сағат бұрын
Did you ever get this fixed?
@susmitroy9178 Жыл бұрын
Wow, you explained it so nice that it now seems,as it called in German: einfach 😅😅
@christianlempa 11 ай бұрын
Thank you :D
@LampJustin 2 жыл бұрын
Another thing to note is that one should specify a different DNS server like gdns or cldflre for cert-manager, as the DNS-01 challenge will be drastically faster and you will then also be able to use split DNS for local DNS resolution of your domain.
@christianlempa 2 жыл бұрын
Sounds interesting, but I have no idea what you're talking about :D Could you share some more information with me? Maybe in Discord or Mail? Thank you!
@bernardchisumo4054 2 жыл бұрын
Nice Tutoria Do you have any tutorial for setting Free SSL Certs in Docker via docker-compose file!?
@christianlempa 2 жыл бұрын
I have done a tutorial about Traefik and NPM in Docker, Maybe that's helpful to you!
@bernardchisumo4054 2 жыл бұрын
@@christianlempa kindly share the links
@elibukin4840 3 ай бұрын
the "name: example-issuer-account-key" is unclear.
@papstrohrspatz1576 2 жыл бұрын
Do you know how to include multiple wildcard certificates (Lets Encrypt for external domain & self signed for internal domain) in Traefik? You can't read the secret (wildcard certificate) which lives in a central namespace from an ingress object in a different namespace. The documentation is unfortunately pretty bad at Traefik :/
@christianlempa 2 жыл бұрын
You can still manage self-signed certs in cert-manager, so why not do this instead of traefik?
@limak-ys4fr 2 жыл бұрын
Awesome
@christianlempa 2 жыл бұрын
Thx
@devopsjunior3888 Жыл бұрын
Obrigado
@lakshminarasimmanv 2 жыл бұрын
Can you make a video on how to setup haproxy as reverse proxy for home server like for plex, etc.,
@christianlempa 2 жыл бұрын
Maybe, I'll need to check ;)
@christian15213 2 жыл бұрын
I have a question can you help.
@songmeo Жыл бұрын
is your domain registar also cloudflare?
@christianlempa Жыл бұрын
Yes for some domains
@NomiTrd 2 жыл бұрын
Nice
@christianlempa 2 жыл бұрын
Thx
@luizmainart3169 Жыл бұрын
Where's treaefik?
@et4493 Жыл бұрын
This was an absolute pain, but not your fault. GKE was not cooperating lol. Besides, in my case I had to specify the namespace of cert-manager for the cloudflare apikey in order for it to work. Just letting you know guys
@sfincione2000 Жыл бұрын
fyi CRDs = Custom Resource Definitions, not Role
@christianlempa Жыл бұрын
Oh yep that’s true xD
@Satyam1010-N 2 жыл бұрын
can you do devops pls.// leave linux and version control we already have alot of vedios // help me out o=for junior devops role.
@christianlempa 2 жыл бұрын
Why leave out these great topics?
@testes2390 2 жыл бұрын
Thank you, very good! is there a way you could share the file nginx-test.yml please?
Christian Lempa
Рет қаралды 84 М.
Techno Tim
Рет қаралды 96 М.
BAKAVETS
Рет қаралды 13 М.
CloudVersity
Рет қаралды 13 М.
DevOps Toolkit
Рет қаралды 8 М.