How to debug Kubernetes Ingress? (TLS - Cert-Manager

How to debug Kubernetes Ingress? (TLS - Cert-Manager - HTTP-01 & DNS-01 Challenges)

Рет қаралды 5,528

Күн бұрын

🔴 - To support my channel, I’d like to offer Mentorship/On-the-Job Support/Consulting - me@antonputra.com
▬▬▬▬▬ Experience & Location 💼 ▬▬▬▬▬
► I’m a Senior Software Engineer at Juniper Networks (12+ years of experience)
► Located in San Francisco Bay Area, CA (US citizen)
▬▬▬▬▬▬ Connect with me 👋 ▬▬▬▬▬▬
► LinkedIn: / anton-putra
► Twitter/X: / antonvputra
► GitHub: github.com/antonputra
► Email: me@antonputra.com
▬▬▬▬▬▬ Related videos 👨‍🏫 ▬▬▬▬▬▬
👉 [Playlist] Kubernetes Tutorials: • Kubernetes Tutorials
👉 [Playlist] Terraform Tutorials: • Terraform Tutorials fo...
👉 [Playlist] Network Tutorials: • Network Tutorials
👉 [Playlist] Apache Kafka Tutorials: • Apache Kafka Tutorials
👉 [Playlist] Performance Benchmarks: • Performance Benchmarks
👉 [Playlist] Database Tutorials: • Database Tutorials
▬▬▬▬▬▬▬ Timestamps ⏰ ▬▬▬▬▬▬▬
0:00 Intro
0:47 How to Secure a Website with TLS?
2:22 HTTP-01 Challenge
2:58 DNS-01 Challenge
3:37 Cert-Manager Kubernetes Ingress Workflow
5:30 HTTP-01 Challenge Demo
12:12 DNS-01 Challenge Demo
▬▬▬▬▬▬▬ Source Code 📚 ▬▬▬▬▬▬▬
► GitHub: github.com/antonputra/tutoria...
#Kubernetes #K8s #DevOps

Пікірлер: 31

@AntonPutra 3 ай бұрын

🔴 - To support my channel, I’d like to offer Mentorship/On-the-Job Support/Consulting - me@antonputra.com

@jonhwicked6839 Ай бұрын

This is best !! Please keep teaching!!

@Antonio-yy2ec 3 ай бұрын

Pure gold! Thank you, Anton. Keep going.

@AntonPutra 3 ай бұрын

than you!

@ailsontavares4564 18 күн бұрын

Thanks so much for this tutorial. Keep going!!

@AntonPutra 18 күн бұрын

welcome!

@arozendojr 3 ай бұрын

Your content is helping me a lot, thank you very much

@AntonPutra 3 ай бұрын

Welcome! This one is more niche-specific, but I think a lot of people using Nginx Ingress will find it useful.

@richinex 3 ай бұрын

Hi @AntonPutra, how do I get access to the files/resources. I have just subscribed to your videos

@AntonPutra 3 ай бұрын

@@richinex I have a link under each video - github.com/antonputra/tutorials/tree/main/lessons/194

@richinex 3 ай бұрын

@@AntonPutra True I found it. Thanks

@gabecerts4286 3 ай бұрын

Awesome, Thanks, the best

@AntonPutra 3 ай бұрын

welcome!

@MagDag_ 3 ай бұрын

Спасибо. Привет из Флориды

@AntonPutra 3 ай бұрын

bez problem :)

@minhnhatcao259 Ай бұрын

Thanks! Do I need to create kind Certificate when already install helm cert-manager?

@AntonPutra Ай бұрын

you have 2 options. 1. just use annotation on the ingress and "Certificate" will be created automatically. 2. Instead of annotation you can manually create "Certificate" which will generate private key and obtain public cert from letsencrypt. first option is prefered but it's up to you

@fio_mak 14 күн бұрын

Can you throw some more light on openid connect provider? Can I use same with GoDaddy DNS?

@AntonPutra 13 күн бұрын

Take a look at external-dns. It watches for ingress hostnames and automatically creates DNS records. GoDaddy is also supported - github.com/kubernetes-sigs/external-dns

@soufiane22v 3 ай бұрын

Amazing stuff , which tool do you use to create those extraordinary diagrams ?

@AntonPutra 3 ай бұрын

thanks! i use adobe suite

@soufiane22v 3 ай бұрын

@@AntonPutra thanx a lot for the quality 🙏🏻🙏🏻🙏🏻. Do have any plan to create some paid courses on udemy or on your own platform ?

@AntonPutra 3 ай бұрын

@@soufiane22v thanks, maybe in the future

@tdslot 3 ай бұрын

Very good video, but if I have k8s on premises behind firewall and not using AWS Route53 DNS service? I use other that not in CertManager provider list. What about this case?

@AntonPutra 3 ай бұрын

Thanks!. Just use cert-manager with http-01, it only requires you to open port 80 and no additional integrations.

@tdslot 3 ай бұрын

@@AntonPutra Hello, if I understood correctly then my all internal host names that exist on ingress will be exposed to public internet?

@AntonPutra 3 ай бұрын

@@tdslot ⁠No, you can’t use public CA to issue certificates for your private domains, unless of course you own public domain as well. But in that case you would face dns double horizon issues. If you only need to protect your internal domains, you need to use self sign ca.