Custom Thumbnail 

drop img here or browse to upload

add answer
create album
  • feeling
  • traveling
  • watching
  • playing
  • listening
  • Happy
  • Loved
  • Sad
  • Very sad
  • Angry
  • Confused
  • Hot
  • Broken
  • expressionless
  • Cool
  • Funny
  • Tired
  • Lovely
  • Blessed
  • Shocked
  • Sleepy
  • Pretty
  • Bored
0%

kubernetes cert-manager - how to use wildcard ssl as a certificate issuer

kubernetes cert-manager - how to use  wildcard ssl as a certificate issuer

I have a wildcard certificate bought from namecheap. So now I am going to use the certificate for all of my sub-domain. For this I need a cluster certificate issuer. We are going to use cert manager. So lets start -

Step 1: Create a secret in the cert-manager namespace name with ca-secrets.yaml

apiVersion: v1
kind: Secret
metadata:
  name: ca-key-pair
  namespace: cert-manager
data:
  tls.crt:  base64 of fullchain-ca.bundle you need full chain, this may help - cat nise_gov_bd.ca-bundle nise_gov_bd.crt > chain.pem
  tls.key:  base64 cert.key

unknown authority problem solution:  cat  server.crt  server.ca-bundle server.key >> ssl-bundle.crt
here server.crt is the crt file only
        server.ca-bundle the bundle file

        server.key is the sertificate key

 

You can generate tls.cert and tls.key by following command - 

 cat fullchain-ca.bundle | base64 -w0
 cat cert.key | base64 -w0

Now apply the secrets by following command - 

kubectl apply -f ca-secrets.yaml

 

Step 2: now create a certificate issuer name with ca-issuer.yaml 

apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
 name: k-issuer
 namespace: cert-manager
spec:
 ca:
   secretName: ca-key-pair

Here secretName is the secret which we created in step 1 ca-key-pair

 

Step 3: Now create a certificate name with cert.yaml to test the issuer -

apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: test-cert-by-kalyan
spec:
  secretName: k-key-pair
  dnsNames:
  - "*.default.svc.cluster.local"
  - "core2.default.com"
  isCA: true
  issuerRef:
    name: k-issuer
    kind: ClusterIssuer

Here the issuerRef.name and issuerRef.kind is important.

 

If you want to use with your ingress then just write this in annotations - 

cert-manager.io/cluster-issuer: k-issuer

Thats all we need to do. for more information follow the link CA issuer Cert-Manager If you have any question or problem please comment. I'll reply. Thank you.

Be the first person to like this
    Back
    friends & family