TLS in kubernetes - Certificate Creation

Take me to Video Tutorial

In this section, we will take a look at TLS certificate creation in kubernetes

Generate Certificates

There are different tools available such as easyrsa, openssl or cfssl etc. or many others for generating certificates.

Certificate Authority (CA)

Generate Keys
```
$ openssl genrsa -out ca.key 2048
```

Generate CSR

$ openssl req -new -key ca.key -subj "/CN=KUBERNETES-CA" -out ca.csr

Sign certificates

$ openssl x509 -req -in ca.csr -signkey ca.key -out ca.crt

ca1

Generating Client Certificates

Admin User Certificates

Generate Keys
```
$ openssl genrsa -out admin.key 2048
```

Generate CSR

$ openssl req -new -key admin.key -subj "/CN=kube-admin" -out admin.csr

Sign certificates

$ openssl x509 -req -in admin.csr -CA ca.crt -CAkey ca.key -out admin.crt

ca2

Certificate with admin privilages

$ openssl req -new -key admin.key -subj "/CN=kube-admin/O=system:masters" -out admin.csr

We follow the same procedure to generate client certificate for all other components that access the kube-apiserver.

crt1

crt2

crt3

crt4

Generating Server Certificates

ETCD Server certificate

etc1

etc2

Kube-apiserver certificate

api1

api2

Kubectl Nodes (Server Cert)

kctl1

Kubectl Nodes (Client Cert)

kctl2

Mayur BN

Explorer

07-TLS-in-Kubernetes-Certificate-Creation

TLS in kubernetes - Certificate Creation

Generate Certificates

Certificate Authority (CA)

Generating Client Certificates

Admin User Certificates

We follow the same procedure to generate client certificate for all other components that access the kube-apiserver.

Generating Server Certificates

ETCD Server certificate

Kube-apiserver certificate

Kubectl Nodes (Server Cert)

Kubectl Nodes (Client Cert)

Graph View

Table of Contents

Backlinks

Explorer

Recent Notes

Cilium Clustermesh Deployment on Helm or ArgoCD on AKS

01-Course-Introduction

02-Certification

04-ETCD-For-Beginners

12-Resource-Limits