Hi Everyone, you've been asking for it, and you shall receive, :D here is an updated version of the Let's Encrypt and Cert-manager. I did the intro version for the CNCF; however, I want to dive deeper here in our Cuemby channel, so let me know what else you would like to see about Cert-manager, Let's Encrypt or whatever you want me to try. ua-cam.com/video/hsVvnNff50U/v-deo.html Cheers!
Hi Krishna, can you please elaborate more? I want to make sure to answer your question correctly. To set some context, Let's encrypt it's not a self-sign certificate. However, if your question is related to Cert-manager, you have multiple options. Let's encrypt, Vault, Venafi, and they're also the External provider, a collection of providers from the community that gives you access to CA providers like AWS, Cloudflare, and more. In other words, Cert-manager focuses on the certificate management and rotation, but your certificate is issued by the provider you choose.
Hello , We have k8s cluster and trying to deploy a wild card certificate where domain is being hosted in Godaddy and we want to use let's encrypt as our CA but problem is GoDaddy doesn't support DNS01 challenge and for wildcard certificate DNS01 is what recommend, any suggestions?
Hi Suresh, sorry for the delayed response. I've had the same issue before, and my solution was to use Google DNS at that time, but if you have AWS or Cloudflare, it should work since they are the ones supported by Cert-manager. Although DNS01 wildcards are easy to maintain because you set once and forget. However, I found HTTP01 challenges more efficient when managing multiple tenants and regenerating certificates without affecting others.
@@ar4mirez , in our environment we have clusterissuer deployed and also cert manager deployed, do we need to deploy certificate.yaml also for all the namespaces where our pods reside?
@@sureshkachwa1001 Yes, certificates you need one per namespace because certificates are scoped. However you can avoid creating certificates and use annotations in the Ingress so the certificates get created automatically.
@@ar4mirez oh yes but right now for our env we are using cluster issuer only for cert-manager and no certificate.yaml and as far as I know cluster issuer is creating secret and I think it is creating certificate for whatever A record your LB IP is used,right?
Thank you for your time and sharing the knowledge. Thank you for taking time to prepare the slides. They are great too.
Glad you like them! Thank you Bhavya
This is what I was looking for.
Nice video.
Glad I could help
Hi Everyone, you've been asking for it, and you shall receive, :D here is an updated version of the Let's Encrypt and Cert-manager. I did the intro version for the CNCF; however, I want to dive deeper here in our Cuemby channel, so let me know what else you would like to see about Cert-manager, Let's Encrypt or whatever you want me to try.
ua-cam.com/video/hsVvnNff50U/v-deo.html
Cheers!
is that annotation enable-proxy-protocol still holds true for the ingress-nginx controller 1.2.0 ?
How to get ssl certificates (not self-signed) for internal domains in kubernetes.
Hi Krishna, can you please elaborate more? I want to make sure to answer your question correctly. To set some context, Let's encrypt it's not a self-sign certificate. However, if your question is related to Cert-manager, you have multiple options. Let's encrypt, Vault, Venafi, and they're also the External provider, a collection of providers from the community that gives you access to CA providers like AWS, Cloudflare, and more. In other words, Cert-manager focuses on the certificate management and rotation, but your certificate is issued by the provider you choose.
@@ar4mirez My question is basically that how to get these certificates for internal domains in K8, that is I am talking about local host.
Hello , We have k8s cluster and trying to deploy a wild card certificate where domain is being hosted in Godaddy and we want to use let's encrypt as our CA but problem is GoDaddy doesn't support DNS01 challenge and for wildcard certificate DNS01 is what recommend, any suggestions?
Hi Suresh, sorry for the delayed response. I've had the same issue before, and my solution was to use Google DNS at that time, but if you have AWS or Cloudflare, it should work since they are the ones supported by Cert-manager. Although DNS01 wildcards are easy to maintain because you set once and forget. However, I found HTTP01 challenges more efficient when managing multiple tenants and regenerating certificates without affecting others.
@@ar4mirez , in our environment we have clusterissuer deployed and also cert manager deployed, do we need to deploy certificate.yaml also for all the namespaces where our pods reside?
Can we connect on this thing if you have some time?
@@sureshkachwa1001 Yes, certificates you need one per namespace because certificates are scoped. However you can avoid creating certificates and use annotations in the Ingress so the certificates get created automatically.
@@ar4mirez oh yes but right now for our env we are using cluster issuer only for cert-manager and no certificate.yaml and as far as I know cluster issuer is creating secret and I think it is creating certificate for whatever A record your LB IP is used,right?