Technotes

Technotes for future me

Generate TLS Secret for kubernetes

Prepare the certificate chain

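If you put multiple certificates in your crt, order them server certificate first, then each intermediate, then the root. Every block uses the same CERTIFICATE label. Standard PEM parsers do not recognise labels such as INTERMEDIATE CERTIFICATE or ROOT CERTIFICATE, so it is the position in the file that identifies each certificate:

-----BEGIN CERTIFICATE-----
<put your server certificate value in a single line>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<put your intermediate certificate value in a single line>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<put your root certificate value in a single line>
-----END CERTIFICATE-----

Concatenate the PEM files in that order. Use > rather than >> so that re-running the command does not append a second copy of the chain to an existing file:

cat star.blaataap.com.pem KPN_PKIoverheid_Server_CA_2020.pem DomeinServerCA2020.pem StaatderNederlandenEVRootCA.pem > star.blaataap.com.crt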

Create the kubernetes resource

kubectl create secret tls -n blaataapnamespace star.blaataap.com --key star.blaataap.com.key --cert star.blaataap.com.crt
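
A pre-flight check for the two files passed to the command above, as an added example that is not part of the original note: it confirms the bundle is ordered leaf first with each certificate followed by its issuer, and that the private key belongs to the first certificate. It assumes openssl is installed; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check a key and PEM
# bundle before handing them to `kubectl create secret tls`.
# Assumes openssl is on PATH; function names are illustrative.

# Write each CERTIFICATE block of bundle $1 to $2/cert-N.pem; print the count.
split_bundle() {
  awk -v dir="$2" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
    out != ""                     { print > out }
    /-----END CERTIFICATE-----/   { if (out != "") close(out); out = "" }
    END                           { print n + 0 }' "$1"
}

# check_tls_bundle KEY BUNDLE: exit status 0 if the bundle is ordered leaf
# first, each certificate followed by its issuer, and KEY belongs to the leaf.
# Compares names only; it does not verify signatures or expiry.
check_tls_bundle() (
  key=$1; bundle=$2; rc=0
  tmp=$(mktemp -d) || exit 2
  n=$(split_bundle "$bundle" "$tmp")
  if [ "$n" -lt 1 ]; then
    echo "no CERTIFICATE blocks in $bundle" >&2; rm -rf "$tmp"; exit 1
  fi
  i=1
  while [ "$i" -lt "$n" ]; do
    next=$((i + 1))
    issuer=$(openssl x509 -in "$tmp/cert-$i.pem" -noout -issuer -nameopt RFC2253) || rc=1
    subject=$(openssl x509 -in "$tmp/cert-$next.pem" -noout -subject -nameopt RFC2253) || rc=1
    if [ "${issuer#issuer=}" != "${subject#subject=}" ]; then
      echo "certificate $i is not issued by certificate $next (wrong order or missing link)" >&2
      rc=1
    fi
    i=$next
  done
  # The public key in the leaf must equal the one derived from the private key.
  cert_pub=$(openssl x509 -in "$tmp/cert-1.pem" -noout -pubkey) || rc=1
  key_pub=$(openssl pkey -in "$key" -pubout) || rc=1
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "private key does not match the first certificate" >&2
    rc=1
  fi
  rm -rf "$tmp"
  exit "$rc"
)
```

Source the file and run check_tls_bundle star.blaataap.com.key star.blaataap.com.crt; a non-zero exit status means the secret would serve a broken chain or a mismatched key.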

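Use the Secret in an Ingress

The Ingress definition below shows how to use the Secret above to terminate TLS. An Ingress can only reference a Secret in its own namespace, so create the Secret in the namespace the Ingress lives in.

apiVersion: networking.k8s.io/v1   # extensions/v1beta1 Ingress was removed in Kubernetes 1.22
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: platform-ingress
  name: jenkins
  namespace: platform              # the Secret must exist in this same namespace
spec:
  rules:
  - host: jenkins-blaataap.com     # must be covered by a name in the certificate
    http:
      paths:
      - backend:
          service:
            name: jenkins
            port:
              number: 80
        path: /
        pathType: Prefix           # required in networking.k8s.io/v1
  tls:
  - hosts:
    - jenkins-blaataap.com
    secretName: star.blaataap.com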

Update the secret

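kubectl create fails when the Secret already exists. To replace the certificate, render the manifest client-side with --dry-run=client and pipe it to kubectl apply, targeting the same namespace the Secret was created in:

kubectl create secret tls -n blaataapnamespace star.blaataap.com --key star.blaataap.com.privkey.pem --cert star.blaataap.com.fullchain.pem --dry-run=client -o yaml | kubectl apply -f -

Last updated on 9 Sep 2021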
Published on 6 Nov 2020