In this video, I describe certificate generation and usage in Kubernetes and related products.
Comments: 35
@vitusyu9583 2 months ago
Good presentation, useful info for my deeper understanding of how certs work in k8s! Thx!
@SridCloud 2 months ago
Thanks for your visit and comments. Thanks!
@shantanupareek6631 a month ago
Thank you so much for this video. Good efforts!
@krishnachaitu17 10 months ago
Thanks for this, very insightful.
@JitenPalaparthi 2 years ago
One of the best videos about certificates
@SridCloud a year ago
Wow, thanks!
@robertsarnapeta5825 9 months ago
These certs are self-signed. In a bare-metal Kubernetes cluster, how do we manage these certs? Usually, in PROD, do we replace the certs by getting them from the security team? Please explain how we renew them or manage them in a real-time PROD scenario. From where do we get the certs, and do we replace ca.crt and ca.key and all the certs for the different components etc.? My understanding is that we don't use self-signed certs for a PROD environment. Hope you got my query. Thanks!
@mazharabbas871 a year ago
Thank you so much. This is all about Kubernetes certificates :)
@SridCloud a year ago
You're most welcome!
@dakshithamevandias8949 2 years ago
I'm a bit confused about the client's private key. For example, when and how will the admin's (kubectl) private key be used? Isn't it only the client certificate that is required on the server side?
@NamLe-fl4sz 3 months ago
From Viet Nam. Thanks
@pengumind151 9 months ago
The way you created the kube-apiserver cert is wrong because the alternate DNS names were not defined; it does work partially in a k8s cluster.
@mIbrahim1981 2 years ago
Thanks. Very good explanation. Just have one question: how does the api-server validate the certificate sent by the admin user? Does he have the admin certificate installed?
@SridCloud a year ago
Trust is the answer..
@inadmemmedov6116 3 years ago
Really liked the concept, thanks for the detailed information provided. One question: if the api-server cert is expired, do we need to generate a new api-server.key and a new CSR, or do we sign the same CSR with the ca.key and ca.crt?
@SridCloud 3 years ago
Thanks for visiting my channel. Please refer to kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/ for setting up automatic or manual renewal of certs.
@nileshwagh3601 5 months ago
Hi, can you guide me? My cluster ca.crt is going to expire in 2 days. How should I renew the ca.crt in a running cluster?
@otherwize12 3 years ago
Does a pod or container on the worker node also receive a certificate? How can the communication with the applications in them or the pods/containers themselves take place in a secure manner?
@SridCloud 3 years ago
This is a good question. This video is to discuss how the components of Kubernetes communicate with each other. What you are asking is at the application level; your application needs to manage its own certificates on the client and server sides. I will do some research and post a video on this interesting topic!
@filipstojiljkovic4711 a year ago
You didn't really explain: are you on the filesystem of the master node or?
@YouTubers-rj9xv 2 years ago
Bro super teaching
@SridCloud a year ago
Thank you so much 🙂
@viswaviswa8616 a year ago
Hi, can you please help me with where I can find ca.key inside the EKS cluster 1.26?
@vamshikrishna5521 3 years ago
Hello, we have a single-box K8s cluster and I see the cert is expired, as I am getting a 509x error on get pods. So how do I renew them? Also, as I am unable to connect to the cluster or get pods etc., do I need to take a backup of pods or any config? If yes, how do I see them and what configs should I back up? I know a bit of k8s, but the team who managed this cluster is not supporting it anymore. Could you help me in this regard by suggesting any links?
@SridCloud 3 years ago
Hi Vamshi, thanks for watching this video! Refer to kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/ for answers to your question. It has steps on how to do certificate renewal.
@SuperKrishnavamsi a year ago
Hi, I want to replace my ca.crt and I don't have the .key file for it, as it is a corporate certificate. How can I create other certs using this cert? I have already deployed the cluster with the default certs, which were created when we ran kubeadm init.
@SridCloud a year ago
Hi Super! Thanks for visiting. I think you can create and place the certs on an existing kube environment.
@vkgiddu a year ago
Put a lot of effort, without any context of linking between various certificates. If the kubectl certificate and the api-server certificate are two completely different certificates, how both know each other is the key and the missing piece. Waste of everyone's time.
@SridCloud a year ago
Can you explain more!?
@fanily4072 2 years ago
Nice Video. I realized just how insecure Kubernetes is because the ca.key is stored in plain text in /etc/kubernetes/pki. That is the private key of the root CA for every other service. Don't let that file get compromised!