K8 QuickBites: Creating Secure TLS Certificates for Kubernetes Deployments

This is the first of a series of blogs about Kubernetes Fundamentals, providing a quick step-by-step guide for each management scenario that is relevant when maintaining K8 workloads.



This content originally appeared on DEV Community and was authored by Kaye Alvarado


Pre-requisites

It is assumed that the reader has set up their kubeconfig file (.kube/config) and has the following tools available on their machine:

  • openssl
  • kubectl

Let's dive into the steps!

Creating the Private Key and Certificate Files

  • Create a private key file, encrypted with a cipher of your choice (AES-256 here)
openssl genrsa -aes256 -out privatekey.pem 4096
  • Now, create a certificate signing request (CSR) from the key
openssl req -new -sha256 -key privatekey.pem -out certreq.csr
  • Then get a trusted certificate authority (CA) to sign your certificate. Download the generated certificate (tls.crt) and key file. To get the unencrypted private key, decrypt it with openssl. Note that the resulting tls.key is no longer passphrase-protected.
openssl rsa -in privatekey.pem -out tls.key
  • At this point you should have the two files
$ ls tls*
tls.crt tls.key
  • Now, create the secret in the namespace that needs it, replacing <secretname> and <namespace> with your own values
kubectl create secret tls <secretname> --cert=tls.crt --key=tls.key -n <namespace>
  • You should have a secret created in the namespace
kubectl get secrets -n <namespace>
kubectl get secret <secretname> -n <namespace>
  • The secret's data holds two base64-encoded values, tls.crt and tls.key (visible in the secret's YAML output). You can decode each one with base64 to view it.
echo '<tls.crt value>' | base64 --decode
echo '<tls.key value>' | base64 --decode

Adding the TLS secret to the Deployment

  • First, get the deployment name that you need to edit. Then open the file for editing.
kubectl get deployments -n <namespace>
kubectl edit deployment <deployment_name> -n <namespace>
  • In the volumes section, add an item for the secret
      volumes:
      - name: <secretname_used_for_deployment>
        secret:
          defaultMode: 420
          secretName: <secretname_in_secrets>
  • In the volumeMounts section, add the mount path where the certs will be stored
        volumeMounts:
        - mountPath: /etc/ssl/certs
          name: <secretname_used_for_deployment>
          readOnly: true
  • Once done, you can quickly verify if the certificate is present in the path you provided.
kubectl get pods -n <namespace>
kubectl exec -it <gateway_pod_name> -n <namespace> -- ls /etc/ssl/certs

Depending on how the deployment is configured, you can then point the application at the mounted certificate and private key paths.
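
The same volume wiring with two hardening changes, as an added example that is not part of the original post: the secret is mounted at a dedicated directory so it does not hide the image's CA bundle in /etc/ssl/certs, and the private key is no longer world-readable. The container name app and the path /etc/tls are assumptions made for this example.

```yaml
# Added example: pod template excerpt of a Deployment, not the author's manifest.
# "app" and /etc/tls are placeholder names chosen for illustration.
spec:
  template:
    spec:
      containers:
      - name: app
        volumeMounts:
        # Before: mountPath: /etc/ssl/certs
        # A volume mounted on a directory hides everything the image shipped
        # there. On many base images /etc/ssl/certs holds the system CA bundle,
        # so outbound TLS verification from the pod can start failing.
        - name: <secretname_used_for_deployment>
          mountPath: /etc/tls
          readOnly: true
      volumes:
      - name: <secretname_used_for_deployment>
        secret:
          secretName: <secretname_in_secrets>
          # Before: defaultMode: 420
          # The field is decimal in JSON/kubectl output: 420 is octal 0644,
          # which leaves tls.key readable by every user in the container.
          defaultMode: 256        # octal 0400: owner read only
          items:
          - key: tls.crt
            path: tls.crt
            mode: 292             # octal 0444: the certificate is public
          - key: tls.key
            path: tls.key         # inherits defaultMode (0400)
```

The application then has to be configured to read /etc/tls/tls.crt and /etc/tls/tls.key. A container that runs as a non-root user also needs a pod-level securityContext.fsGroup so that its process can read the key.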

...and that's it!

Let me know if there are any quick bites requests you want me to publish next!



Kaye Alvarado | Sciencx (2024-08-21T12:50:47+00:00) K8 QuickBites: Creating Secure TLS Certificates for Kubernetes Deployments. Retrieved from https://www.scien.cx/2024/08/21/k8-quickbites-creating-secure-tls-certificates-for-kubernetes-deployments/
