The only certificate, that is self signed, is the certificate of the CA (as with every Root CA). So the rest of the certificates like the one for your nginx is a signed certificate - it’s signed by a non public CA but it is not self signed. But despite of this detail your explanation is very useful for getting better view on certificates in common and on Kubernetes in particular.
@christianlempa2 жыл бұрын
Thanks mate! You're absolutely right, I often say that to make it clear the cert is signed by self-signed ca. Might be a bit lazy that's true 🤣
@TheArtemus752 жыл бұрын
Hey Christian, hopefully you have enjoyed your holidays! Thanks for this video and good explanation! In my opinion all of your tutorials are really valuable. Keep on going this good work and as we can see, your community is growing and growing... :-)
@christianlempa2 жыл бұрын
Thank you so much! Yeah holidays were good :)
@DmitryTsarev Жыл бұрын
To everyone who wondered which tool was used to draw the ascii diagram @11:47 … Not exactly sure which particular one did Christian use (would be nice to know), but such diagrams can be created with tools like ‘asciiflow’ and ‘asciio’
@MatiasFranci2 жыл бұрын
This video es super clear. Could you please tell us which software do you use to show the Architecture Diagram (from Powershell)?
@guyfeldman46972 жыл бұрын
You can use kubectl create secret with -from-file flags to upload the contents. I haven’t tried it from windows though
@christianlempa2 жыл бұрын
Thanks! I'll try it
@vitusyu95832 жыл бұрын
Sounds like a bit complicated, but your delivery is quite clear, and I would give it a try on my home lab! Thanks!
@kevinyu99342 жыл бұрын
Hi, thanks for the amazing contents! Could you also share the name of the tool that you use for drawing the diagram in markdown?
@jonzuka9746 Жыл бұрын
Thank you! Quick and precise.
@paparoup Жыл бұрын
What an awesome guide and very clear on the steps, thanks for your time. I followed the steps but i end up with this error message "message: 'Error getting keypair for CA issuer: certificate is not a CA'" when creating the cluster issuer which isn't the case in your video. What am i missing? Thanks again for the time invested
@andibiront23165 ай бұрын
Great guide. I've followed it but made some changes. I created an intermediate certificate signed by my Active Directory root CA and uploaded the chain to cert-manager. It's working great. I wanted to change the certificate of Rancher and Portainer, but Helm installation automatically creates an Issuer for the namespace, so I don't know exactly how should I change them.
@christianlempa5 ай бұрын
Nice work! Thank you!
@lenoah86926 ай бұрын
Thank you ! Best teacher
@christianlempa6 ай бұрын
Thanks 🙏
@GihanS2 жыл бұрын
This is super awesome. Keep going !
@christianlempa2 жыл бұрын
Thanks! :)
@dr.wordpress2 жыл бұрын
Hi, your tutorials helped me a lot. can you do a tutorial about hosting gristlabs/grist with portainer. please?
@MrToup2 жыл бұрын
This video give a super clear explanation about issuer and certificate. Is it right to say that the benefits over let’s Encrypt certificate is to be more independent as we do not expose it to internet?
@christianlempa2 жыл бұрын
Thank you! And yeah absolutely, everything that you expose on the internet is a potential risk.
@alex.prodigy2 жыл бұрын
LabCA is also an interesting one , it's actually a community build of Boulder , the same ACME CA backend used by Let's Encrypt
@christianlempa2 жыл бұрын
Thx great idea, I'll check it out
@Lamnt21310 ай бұрын
Followed and subscribed. Thanks for your guidance.
@christianlempa10 ай бұрын
Thanks! and welcome :)
@hemanthnlr Жыл бұрын
HI , This tutorial is good . thanks lot for sharing info . when i try to install cert-manager using helm ... cert-manager helm status shown as pending-install and my kuberates version v1.23.3... can you share your suggestion on this
@dmsi19802 жыл бұрын
you can use stringData instead of data in your secret manifest and paste multiline pem certs instead of base64 string
@pablofernandezrecaman413325 күн бұрын
Is there any way to have ssl certificates inside twingate in this kubernetes environment?
@dillanteagle37262 жыл бұрын
This works but there is also the option of having certmanager automate creating the self signed certificate and secret.
@sashapokatilov Жыл бұрын
Thx, bro! U are my hero)
@christianlempa Жыл бұрын
You're welcome! Thank you :)
@squalazzo Жыл бұрын
diagram at 12:00, did you use some tool, or made it manually? about base64 and secrets, just use stringData insead of data and put them straight into the secret, no need to encode them
@christianlempa Жыл бұрын
I used asciiflow but it’s a lot manual work as well :P
@hussamhyari Жыл бұрын
Thank you for the video. I am trying to secure a mosquitto broker using k8s cluster and exposed with a loadbalancer, can this implementation be used to secure the mqtt connection?
@christianlempa Жыл бұрын
You're welcome :) I'm not quire sure about mosquitto, haven't worked with it before
@Resulok2 жыл бұрын
Hi Christian, I have weird question) How you did scheme on timeline 11:46 ?
@zakeeyullah2 жыл бұрын
Hi, can you make a tutorial how to redirect IP address automatically to domain When using nginx proxy manager to manage containers reverse proxy.
@MohitSharma-fm2vj4 ай бұрын
I followed the exact tutorial, but traefik is unable to find the middleware, saying it doesnot exist. Can anyone help on this??
@haddysrosserrier20612 жыл бұрын
Tried this method, doesn't work. Had an issue with the RSA structure being too large after encoded. Just a heads up.
@sachinmalhotra92352 жыл бұрын
How to manage windows server data real time backup i can purchase to servers
@Xiovox2 жыл бұрын
Which VSC theme & font are you using?
@christianlempa2 жыл бұрын
I created my own theme the digital life and use the Hack Nerd Font
@mohammedsadrulhudaquadri87312 жыл бұрын
Shell theme is so cool. Could someone please help me with the name of the theme
@christianlempa2 жыл бұрын
Thanks, mate, You find the settings for the Windows terminal and other stuff on GitHub in my dot files repo!
@mohammedsadrulhudaquadri87312 жыл бұрын
@@christianlempa Thanks buddy ! btw loved your content !!
@BP-qy2pb2 жыл бұрын
Use git-bash or WSL2 instead.
@KairosVI Жыл бұрын
how to base64 in powershell? docker run -it bash XD
@christianlempa Жыл бұрын
:D
@joshuabruno2 жыл бұрын
Bro all we care about is whether or not an American style Kölsch counts as a REAL Kölsch.
@darthweiter70742 жыл бұрын
Doing it under windows -> install wsl2 and use linux there 😂
@Reiner0302 жыл бұрын
Base64: from a stackOverflow answer this should be the solution and I also had to use certutils for importing a certificate to ADS in Windows Server 2012: > Windows comes with certutil.exe (a tool to manipulate certificates) which can base64 encode and decode files. > certutil -encode test.exe test.txt > certutil -decode test.txt test.exe Additional M$ has a documentation "Convert file to Base64 string format" with this one-liner: > [convert]::ToBase64String((Get-Content -path "your_file_path" -Encoding byte))
@russellrv2 жыл бұрын
SSL Certificate and Easy Guide should never be used in the same statement
@leela5012 Жыл бұрын
i have tried using in windows using physical location it worked for me to convert self-signed certificate > cat C:\\Users\\username\\ca.crt | base64 -w 0
@nireeshwaravaanam2 жыл бұрын
How can I contact you +
@aswinmaheshc2 жыл бұрын
May be you can try like this for encoding with Base64 with Powershell Encoding: $Cert = ‘This is a secret' $Bytes = [System.Text.Encoding]::Unicode.GetBytes($Cert) $EncodedText =[Convert]::ToBase64String($Bytes) $EncodedText
@christianlempa2 жыл бұрын
Thx! Maybe I could put it in a script
@malthaeldai20832 жыл бұрын
Hi, you could break this down to: [convert]::ToBase64String((Get-Content -path "ca.crt" -AsByteStream -Raw)) At least while using PowerShell 7.2. For PowerShell 5.1 this won't work unfortunately. But in my opinion using either Linux direct or via wsl is by far shorter and faster to type. Best regards from Hamburg
@malthaeldai20832 жыл бұрын
In addition: [convert]::ToBase64String((Get-Content -path "ca.crt" -Encoding byte)) Would be for PowerShell 5.1
@alexrocha7010 Жыл бұрын
You can try this for PowerShell Core: [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(@(Get-Content ca.crt)))