Sunday, September 22, 2024

Self-Signed Certificate for Kubernetes Applications

Generate Private Key and CSR:
openssl req -newkey rsa:2048 -nodes -keyout tls.key -out tls.csr


Create Self-Signed Certificate:
openssl x509 -req -sha256 -days 365 -in tls.csr -signkey tls.key -out tls.crt


Then base64-encode the certificate and the key:
cat tls.crt | base64
cat tls.key | base64


Create a Secret resource with the base64 output of the certificate and the key:

apiVersion: v1
kind: Secret
metadata:
  name: secret-tls
  namespace: default
data:
  tls.crt: <base64 output of tls.crt>
  tls.key: <base64 output of tls.key>
type: kubernetes.io/tls
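
The steps above as one non-interactive script (an added example, not from the original post): it adds a subjectAltName, checks that the key and certificate belong together, and writes the base64 values on a single line. The function names and the host app.example.test are assumptions, and the openssl CLI must be installed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# app.example.test is a constructed host. Assumes the openssl CLI is installed.

# Steps 1-2 of the post, non-interactive (-subj), plus a subjectAltName.
make_tls_pair() {  # $1 = hostname, $2 = output directory
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$2/tls.key" -out "$2/tls.csr" 2>/dev/null || return 1
  printf 'subjectAltName=DNS:%s\n' "$1" > "$2/san.ext"
  openssl x509 -req -sha256 -days 365 -in "$2/tls.csr" -signkey "$2/tls.key" \
    -extfile "$2/san.ext" -out "$2/tls.crt" 2>/dev/null
}

# True only if the private key and the certificate carry the same public key.
key_matches_cert() {  # $1 = key file, $2 = certificate file
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# True if the certificate is valid for the given hostname.
cert_covers_host() {  # $1 = certificate file, $2 = hostname
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# GNU base64 wraps at 76 columns, which breaks a YAML scalar; strip newlines.
b64_oneline() { base64 < "$1" | tr -d '\n'; }

# Step 4: emit the Secret manifest with the post's name and namespace.
render_tls_secret() {  # $1 = directory holding tls.crt and tls.key
  key_matches_cert "$1/tls.key" "$1/tls.crt" || { echo "key/cert mismatch" >&2; return 1; }
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: secret-tls
  namespace: default
data:
  tls.crt: $(b64_oneline "$1/tls.crt")
  tls.key: $(b64_oneline "$1/tls.key")
type: kubernetes.io/tls
EOF
}
demo() {  # generate a throwaway pair and print its manifest
  d=$(mktemp -d) && make_tls_pair app.example.test "$d" &&
    cert_covers_host "$d/tls.crt" app.example.test && render_tls_secret "$d"
  rm -rf "$d"
}
demo
```

The printed manifest contains the private key, so write it to a file with restrictive permissions rather than to a shared terminal or log.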




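Test the website with curl. The -k flag skips certificate verification, which a self-signed certificate would otherwise fail, so read the "Server certificate" lines to see which certificate was actually served. In the output below the subject is "Kubernetes Ingress Controller Fake Certificate", the ingress controller's built-in default rather than a certificate generated with the commands above; the controller serves it when no usable TLS secret is configured for the requested host.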

alejandrogarcia@MacBook-Air-de-Alejandro AWS % curl -v https://curl -v https://34.238.244.132 -H 'Host: test.rutamania.com' -k
* Could not resolve host: curl
* Closing connection 0
curl: (6) Could not resolve host: curl
*   Trying 34.238.244.132:443...
* Connected to 34.238.244.132 (34.238.244.132) port 443 (#1)
* ALPN: offers h2,http/1.1
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN: server accepted h2
* Server certificate:
*  subject: O=Acme Co; CN=Kubernetes Ingress Controller Fake Certificate
*  start date: Sep 22 12:01:29 2024 GMT
*  expire date: Sep 22 12:01:29 2025 GMT
*  issuer: O=Acme Co; CN=Kubernetes Ingress Controller Fake Certificate
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* using HTTP/2
* h2 [:method: GET]
* h2 [:scheme: https]
* h2 [:authority: test.rutamania.com]
* h2 [:path: /]
* h2 [user-agent: curl/8.1.2]
* h2 [accept: */*]
* Using Stream ID: 1 (easy handle 0x7fab1400ee00)
> GET / HTTP/2
> Host: test.rutamania.com
> User-Agent: curl/8.1.2
> Accept: */*
< HTTP/2 200
< date: Sun, 22 Sep 2024 14:44:53 GMT
< content-type: text/plain; charset=utf-8
< content-length: 72
Hello, world!
Version: 1.0.0
Hostname: webapp-hello-v1-77f47d465c-sfgfr
* Connection #1 to host 34.238.244.132 left intact
