Free SSL Certs in Kubernetes! Cert Manager Tutorial

  • Published 2 Oct 2024

COMMENTS • 66

  • @raphaelschmidt3465 1 year ago +5

    Hi Christian,
    trying to follow your tutorial, but what exactly is "example-issuer-account-key"?

    • @TerrorByteTW 2 months ago +1

      1 year late to the party, but this value is the name of a secret that cert-manager will generate for you (It's pretty poorly documented, in my opinion). This secret contains a private key that is used to automatically register for a Let's Encrypt account to identify you. This, in turn, allows them to know who is requesting certificates and prevent abuse. You can name it whatever you want, it's just a name to allow you to easily identify what the secret is for.
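
The field discussed in the reply above, shown in context as an added example (not part of the original comments or the video's files). The issuer name, e-mail address and the Cloudflare token Secret are placeholders; the staging server is used so that repeated test runs do not count against Let's Encrypt's production rate limits.

```yaml
# Added example; every name and address below is a placeholder.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: example-issuer
spec:
  acme:
    # Let's Encrypt staging endpoint: issues untrusted test certificates.
    # Switch to https://acme-v02.api.letsencrypt.org/directory once the flow works.
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: admin@example.com
    privateKeySecretRef:
      # You do NOT create this Secret. cert-manager generates an ACME account
      # private key on first use and stores it under this name. For a
      # ClusterIssuer it lives in the cert-manager namespace by default.
      # Anyone who can read it can act as your ACME account, so keep RBAC
      # read access to Secrets in that namespace tight.
      name: example-issuer-account-key
    solvers:
      - dns01:
          cloudflare:
            apiTokenSecretRef:
              # This Secret you DO create yourself (hypothetical name and key).
              # A ClusterIssuer looks it up in the cert-manager namespace by default.
              name: cloudflare-api-token
              key: api-token
```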

  • @aceisastud 2 years ago +1

    Nice work man. I appreciate it as I have been overthinking TLS for a while now and your video helped to simplify it for me.

  • @0xb1b18 1 year ago +7

    This video is stunning, as are all of your videos. You are actually explaining complicated concepts in simple terms, delivering knowledge to your viewers. Much appreciated!

  • @esu7116 2 years ago +4

    Great tutorial, really nice educational content. I have a question:
    I've noticed that you've disabled 'proxy' at 12:30; what if you want to keep it (i.e. keeping a secure connection between *both* the user and CF, and CF and the cluster)?
    How would you do that?
    Thanks for the video! 🤩

    • @christianlempa 2 years ago +3

      You can of course enable it, I disabled it to show how the cert-manager certificate is working.

  • @medazizoueslati8749 15 days ago

    Thank you! The secret and the cert are ready and I did everything correctly, but the app is not secure and I find Kubernetes Ingress Controller Fake Certificate

  • @dedpossum66 2 years ago +1

    Very useful! I've tinkered around with this quite a bit and honestly the http challenge stuff is quite a pain.

  • @jayglynn7349 6 months ago

    Hi, do I have to open port 80 on public rule to make the certificaterequest "true" state?

  • @elibukin4840 4 months ago

    the "name: example-issuer-account-key" is unclear.

  • @christian15213 2 years ago +1

    OMG I can't thank you enough for this video. I have watched it 100 times. Clutch.

  • @Spydaw 2 years ago

    Awesome video, very informative, thank you.
    I screwed up when I was trying to set up Argo on my cluster, I deleted and applied it a good few times and sadly I exceeded the limit on Let's Encrypt, so I am blocked for a week.

  • @et4493 1 year ago

    This was an absolute pain, but not your fault. GKE was not cooperating lol. Besides, in my case I had to specify the namespace of cert-manager for the cloudflare apikey in order for it to work. Just letting you know, guys.

  • @unone9220 1 year ago

    Would it be possible to create a certificate to be used only for a local service ("home lab") but using Cloudflare to answer the dns01 challenge?

  • @lakshminarasimmanv 2 years ago +1

    Thanks for the videos. I’ve learnt a lot from you. Keep uploading videos like this.

  • @jmac217x 2 months ago

    Great explanation

  • @UvinduSahan-n7y 11 months ago

    When we use this for multiple applications, do I need to create a separate namespace for each certificate?

  • @christian15213 2 years ago

    Do you have to use a DNS zone? For example, I just want to use the DNS that AWS or Azure gives me.

  • @ocheejembi9187 1 year ago

    thanks so much, this really helped me understand cert-manager - especially the DNS01 challenge bit.

  • @freibuis 1 year ago

    ok, what if you don't know the cluster t12:32 and you want a wildcard cert?

  • @bernardchisumo4054 2 years ago

    Nice tutorial
    Do you have any tutorial for setting Free SSL Certs in Docker via docker-compose file!?

    • @christianlempa 2 years ago +2

      I have done a tutorial about Traefik and NPM in Docker, maybe that's helpful to you!

    • @bernardchisumo4054 2 years ago

      @christianlempa kindly share the links

  • @lva98 2 years ago +1

    I have used cert-manager + ingress for a long time, but it's the first time that I understand how to troubleshoot it

    • @christianlempa 2 years ago +1

      Cool! I'm glad it was still useful 😀

    • @javi_labs3769 2 years ago +1

      If you want to know what cert-manager is doing, you can check the logs of the cert-manager pods with "kubectl logs"; I use that to troubleshoot as well (I made a video on how to do this but with duckdns, but it is in Spanish only, for now). I really like the quality of this video and the way it is explained.

    • @lva98 2 years ago

      @javi_labs3769 thank you Javi, I'll take a look

  • @mananalosubo 1 year ago

    Thank you very much. I am learning Kubernetes and I am more and more motivated to learn it because it makes things much easier for me than Docker and Portainer. Besides, it feels faster to me in every respect.

  • @ramprasd89 2 years ago +2

    Hey, first of all, thanks a lot for the video!
    In my case the "Waiting on certificate issuance from order" stays forever!! Any idea what the issue could be?

    • @christianlempa 2 years ago +2

      Take a look at the troubleshooting guides on cert-manager's docu, they help a lot!

    • @gnub 27 days ago

      Did you ever get this fixed?

  • @christian15213 2 years ago

    I have a question, can you help?

  • @randeerlalanga 1 year ago

    Your videos are superb, I learned so much

  • @susmitroy9178 1 year ago

    Wow, you explained it so nicely that it now seems, as it is called in German: einfach 😅😅

  • @luizmainart3169 1 year ago

    Where's Traefik?

  • @mari__b 2 years ago

    Great video! I just set up cert-manager + traefik a few days before and was able to verify my steps in my scripts. So thanks for the "missing piece"!

  • @devopsjunior3888 1 year ago

    Thank you

  • @giorgostsilivis6771 1 year ago

    you saved my day!

  • @testes2390 2 years ago

    Thank you, very good! Is there a way you could share the file nginx-test.yml please?

  • @lakshminarasimmanv 2 years ago

    Can you make a video on how to set up HAProxy as a reverse proxy for a home server, like for Plex, etc.?

  • @sfincione2000 1 year ago

    fyi CRDs = Custom Resource Definitions, not Role

  • @songmeo 1 year ago

    Is your domain registrar also Cloudflare?

  • @papstrohrspatz1576 2 years ago

    Do you know how to include multiple wildcard certificates (Let's Encrypt for external domain & self-signed for internal domain) in Traefik? You can't read the secret (wildcard certificate) which lives in a central namespace from an ingress object in a different namespace. The documentation is unfortunately pretty bad at Traefik :/

    • @christianlempa 2 years ago +1

      You can still manage self-signed certs in cert-manager, so why not do this instead of traefik?

  • @yahiyaayoub5366 2 years ago

    I really enjoyed the tutorial and thanks a lot, it answers many questions.

    • @christianlempa 2 years ago +1

      Thank you! Great it helped you ;)

    • @yahiyaayoub5366 2 years ago

      @christianlempa Can you please tell me which terminal you use and how you shortcut the kubectl commands, like kubectl switch to a specific namespace?

    • @yahiyaayoub5366 2 years ago

      @christianlempa Also, can you please provide any configuration needed when enabling proxy on the DNS record in Cloudflare, because it is mandatory to use the proxy setting for the DNS record?

  • @limak-ys4fr 2 years ago

    Awesome

  • @Satyam1010-N 2 years ago +1

    Can you do DevOps pls. // Leave Linux and version control, we already have a lot of videos // Help me out for a junior DevOps role.

  • @NomiTrd 2 years ago

    Nice

  • @LampJustin 2 years ago

    Another thing to note is that one should specify a different DNS server like gdns or cldflre for cert-manager, as the DNS-01 challenge will be drastically faster and you will then also be able to use split DNS for local DNS resolution of your domain.

    • @christianlempa 2 years ago

      Sounds interesting, but I have no idea what you're talking about :D Could you share some more information with me? Maybe in Discord or Mail? Thank you!