TLS is the cryptographic protocol that powers encryption for many network applications. To use Kubernetes TLS, you need certificates. TLS certificates are fundamental to standing up a Kubernetes cluster and for interacting with/within the cluster. Given this reliance on certificates, we are often asked for advice on how to “do certificates in Kubernetes”.
"Doing certificates in Kubernetes" can mean a lot of things!
Here’s a hit list of places where you can use TLS certificates:
kubernetes.io/tls
secretsetcd
At Smallstep, we’ve thought deeply about these cases and have created a series of articles to help you on your journey toward Kubernetes TLS.
Kubernetes can be a complex beast. There are a lot of concepts to learn and practice before one knows what they’re doing. It can become even more difficult to secure Kubernetes while wrangling the other moving pieces of your cluster. Regardless of the network hierarchy and policies in place, automating security by design will always make your cluster’s workload safer and more reliable.
Using Certificate Manager alongside some of Smallstep’s open-source projects makes it simple to automate certificate issuance into a Kubernetes deployment. All you need is a little bit of YAML and a working cluster to start issuing Kubernetes TLS certificates to your microservices and stop bad actors in their tracks. Simple and straightforward tooling can make the difference between an exposed microservice and one that is secure by design.
© 2023 Smallstep Labs, Inc. All rights reserved.