Juned Memon

Creating-Kubernetes-Secret-From-TLS-Cert

Creating a Kubernetes Secret from a TLS certificate

Create the TLS cert

Create the TLS cert first. I use the mkcert tool for that, which is very easy to use.

$ mkdir /tmp/certs/
$ cd /tmp/certs/
$ mkcert "*.ijuned.com"
Using the local CA at "/Users/jmemon/Library/Application Support/mkcert" ✨

Created a new certificate valid for the following names 📜
 - "*.ijuned.com"

Reminder: X.509 wildcards only go one level deep, so this won't match a.b.ijuned.com ℹ️

The certificate is at "./_wildcard.ijuned.com.pem" and the key at "./_wildcard.ijuned.com-key.pem" ✅

Generate the base64 string from the certificate and key

$ cat _wildcard.ijuned.com-key.pem | base64

$ cat _wildcard.ijuned.com.pem | base64

Create a Kubernetes resource definition (YAML) that will create the Secret resource. Change the base64 data to match your certificate.

$ cat tls-secret.key
apiVersion: v1
kind: Secret
metadata:
  name: registry.ijuned.com.tls
  namespace: default
type: kubernetes.io/tls
data:
  tls.key: <base64 of _wildcard.ijuned.com-key.pem>
  tls.crt: <base64 of _wildcard.ijuned.com.pem>

Now create the secret from the YAML

$ kubectl apply -f tls-secret.key
secret/registry.ijuned.com.tls created

Verify the secret is available

$ kubectl get  secret/registry.ijuned.com.tls
NAME                      TYPE                DATA   AGE
registry.ijuned.com.tls   kubernetes.io/tls   2      39s
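
The encode-and-write steps above can be combined into one script. This is an added example, not part of the original post, and the function names make_tls_secret and b64_oneline are hypothetical. It strips line wraps from the base64 output, rejects a swapped certificate and key, and keeps the manifest (which contains the private key) readable by its owner only.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Usage: make_tls_secret NAME NAMESPACE CERT_PEM KEY_PEM OUT_YAML

# Base64 on one line. GNU base64 wraps at 76 columns, which would break the
# YAML value; stripping newlines gives the same result on GNU and macOS.
b64_oneline() {
    base64 < "$1" | tr -d '\n'
}

make_tls_secret() {
    name=$1 ns=$2 cert=$3 key=$4 out=$5

    [ -r "$cert" ] && [ -r "$key" ] || { echo "cannot read cert or key" >&2; return 1; }

    # Check the PEM headers so a swapped certificate and key is caught here.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" \
        || { echo "$cert: not a PEM certificate" >&2; return 1; }
    grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$key" \
        || { echo "$key: not a PEM private key" >&2; return 1; }

    # The manifest embeds the private key, so make it owner-readable only
    # before any data is written to it.
    (
        umask 077
        : > "$out" && chmod 600 "$out" || exit 1
        cat >> "$out" <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
  namespace: $ns
type: kubernetes.io/tls
data:
  tls.crt: $(b64_oneline "$cert")
  tls.key: $(b64_oneline "$key")
EOF
    )
}
```

kubectl create secret tls NAME --cert=CERT_PEM --key=KEY_PEM creates the same type of Secret directly, without leaving a manifest holding the key on disk.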
