First step, generate the CA Key and Certificate:
openssl req -x509 -sha256 -newkey rsa:4096 -keyout ca.key -out ca.crt -days 356 -nodes -subj '/CN=MyOrganization'
Generate the server key and certificate signing request (CSR):
openssl req -new -newkey rsa:4096 -keyout server.key -out server.csr -nodes -subj '/CN=*.example.com'
Sign the CSR with the CA certificate and key:
openssl x509 -req -sha256 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
Create a manifest containing the secret:
kubectl create secret generic ca-secret --from-file=tls.crt=server.crt --from-file=tls.key=server.key --from-file=ca.crt=ca.crt -o yaml --dry-run=client > tls-secret.yaml
Create the secret in the default namespace:
kubectl apply -f tls-secret.yaml
Verify the secret has been created:
kubectl get secrets
The output should be:
ca-secret Opaque 3 35s
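Before applying the manifest, it is worth confirming that the three files belong together. The script below is an added example, not part of the original post: it checks that server.crt verifies against ca.crt, that server.key matches server.crt, and whether the certificate has a subjectAltName. The function names are hypothetical; the file names are the ones used in the steps above.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check ca.crt, server.crt
# and server.key before packing them into ca-secret.
# Function names are hypothetical; each takes the directory holding the files.

# True if server.crt verifies against ca.crt.
chain_ok() {
  openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1
}

# True if server.key is the private key for server.crt: the public key
# embedded in the certificate must equal the one derived from the key.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1/server.crt" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$1/server.key" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True if the certificate carries a subjectAltName extension. The commands
# above set only the CN, which some clients (for example Go since 1.15)
# ignore when matching hostnames.
has_san() {
  openssl x509 -in "$1/server.crt" -noout -text 2>/dev/null |
    grep -q 'Subject Alternative Name'
}

# Hard failures return non-zero; a missing SAN is reported as a warning only.
check_tls_bundle() {
  chain_ok "$1" || {
    echo "FAIL: server.crt does not verify against ca.crt" >&2; return 1; }
  key_matches_cert "$1" || {
    echo "FAIL: server.key does not match server.crt" >&2; return 1; }
  has_san "$1" ||
    echo "WARN: no subjectAltName, CN-only certificate" >&2
  echo "OK: files in $1 are consistent"
}

# Run against the current directory when the files from the steps above exist.
if [ -f server.crt ] && [ -f server.key ] && [ -f ca.crt ]; then
  check_tls_bundle .
fi
```

tls-secret.yaml holds server.key base64-encoded, not encrypted, so treat that file like the key itself.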