WEBVTT

00:00.930 --> 00:02.670
-: In this section we're gonna start putting together

00:02.670 --> 00:03.990
our certificate file.

00:03.990 --> 00:05.970
Again, this is a, going to be a config file

00:05.970 --> 00:07.710
that's going to describe some details

00:07.710 --> 00:10.410
around the certificate that we are trying to obtain.

00:10.410 --> 00:12.150
So back inside of my code editor

00:12.150 --> 00:13.920
I'm gonna create a new config file

00:13.920 --> 00:15.150
inside the k8s directory

00:15.150 --> 00:17.853
called certificate.yaml.

00:20.100 --> 00:21.540
Then inside of here, we'll put together

00:21.540 --> 00:22.740
a little bit of config.

00:22.740 --> 00:24.750
As usual, looks very similar

00:24.750 --> 00:27.660
to a lot of the other config files we've put together.

00:27.660 --> 00:30.060
We'll start off with an API version again

00:30.060 --> 00:35.060
of certmanager.k8s.io/v1alpha1.

00:37.020 --> 00:39.730
The kind is going to be a certificate

00:41.550 --> 00:45.000
and our metadata is going to have a name

00:45.000 --> 00:48.045
and I'll use my domain name in here just to

00:48.045 --> 00:50.130
make sure that's really clear what this certificate is for.

00:50.130 --> 00:52.983
So my domain was keightsmulti.com,

00:53.940 --> 00:55.770
and I'll put on TLS on here

00:55.770 --> 00:58.383
just to indicate that this is a TLS certificate.

01:00.420 --> 01:03.450
All right. After that we'll put down our spec.

01:03.450 --> 01:08.450
We're going to provide a secret name of keightsmulti.com.

01:09.120 --> 01:12.300
You can replace this with whatever your domain name is

01:12.300 --> 01:13.560
both for the name up here

01:13.560 --> 01:15.780
and for the secret name down here as well.

01:15.780 --> 01:18.090
The secret name right here is specifying where

01:18.090 --> 01:19.710
our certificate should be stored

01:19.710 --> 01:21.990
after it's obtained by Cert Manager.

01:21.990 --> 01:24.330
So this is this little secret that is

01:24.330 --> 01:26.223
created as a part of the certificate.

01:27.240 --> 01:29.790
Again, we do not have to create the secret ahead of time.

01:29.790 --> 01:32.190
It'll be automatically created for us by Cert Manager

01:32.190 --> 01:33.633
once it obtains the secret.

01:34.530 --> 01:37.890
After that, we'll define an issuer ref.

01:37.890 --> 01:40.410
The issuer ref is a reference to the issuer

01:40.410 --> 01:42.120
that we set up and want to use

01:42.120 --> 01:44.040
in order to obtain the certificate.

01:44.040 --> 01:46.773
So for us our certificate issuer is going to be

01:46.773 --> 01:48.933
lets encrypt prod.

01:50.310 --> 01:55.310
So for issuer ref, I'll provide a name of lets encrypt prod

01:55.980 --> 01:58.488
and then we'll also designate a kind on here as well.

01:58.488 --> 02:00.810
The kind is just indicating the type

02:00.810 --> 02:02.340
of issuer that's being used.

02:02.340 --> 02:05.490
Our type of issuer is a cluster issuer.

02:05.490 --> 02:09.603
So my kind back over here will be cluster issuer.

02:11.370 --> 02:12.840
Okay, so that's the boring part.

02:12.840 --> 02:15.870
Now here comes the more interesting stuff.

02:15.870 --> 02:18.840
We're going to put down a common name.

02:18.840 --> 02:22.290
My common name is going to be keightsmulti.com.

02:22.290 --> 02:24.990
So for you, it's going to be just your domain name

02:24.990 --> 02:27.570
with the TLD on there as well.

02:27.570 --> 02:30.180
The common name is what's going to be put on the certificate

02:30.180 --> 02:31.950
in bold letters saying,

02:31.950 --> 02:36.720
this certificate is good for any address of keightsmulti.com

02:36.720 --> 02:39.060
or whatever your domain name is.

02:39.060 --> 02:42.180
So again, if you say, go back over to any existing webpage

02:42.180 --> 02:44.700
that you might have access to and look at certificate

02:44.700 --> 02:47.358
and then look at the details on

02:47.358 --> 02:49.620
right there underneath details

02:49.620 --> 02:53.070
it lists out a common name in this case of draw.io.

02:53.070 --> 02:54.900
And so the common name in this case is saying,

02:54.900 --> 02:57.200
yep this is what this certificate is good for.

02:58.470 --> 03:01.630
Now after that we'll provide DNS names

03:02.850 --> 03:05.730
and we're gonna put down two separate entries here.

03:05.730 --> 03:08.230
The first entry is going to be your domain name

03:10.080 --> 03:13.822
and then the second one will be the www version,

03:13.822 --> 03:15.690
like so

03:15.690 --> 03:18.600
remember this is an array, so get the two dashes on there

03:18.600 --> 03:21.630
and make sure you've got the correct indentation as well.

03:21.630 --> 03:24.210
Now we're gonna not talk about DNS names quite yet.

03:24.210 --> 03:25.890
We're gonna fill out just a couple more lines

03:25.890 --> 03:29.250
and we'll talk about exactly what DNS names means.

03:29.250 --> 03:31.500
All right, so after that we'll put down ACME,

03:32.550 --> 03:34.590
we'll put down config.

03:34.590 --> 03:36.270
I'm gonna put a dash in here

03:36.270 --> 03:39.120
and then say http01,

03:39.120 --> 03:39.953
a colon

03:41.400 --> 03:43.080
and then indented inside there,

03:43.080 --> 03:46.143
I'll say ingress class is nginx.

03:47.310 --> 03:49.660
And then underneath that we'll put domains

03:51.030 --> 03:53.313
and I'll put down www.

03:54.170 --> 03:55.234
Alright, so let's do it in order.

03:55.234 --> 03:56.067
Same order as DNS.

03:56.067 --> 03:58.410
So I'll put domains, a dash because this is an array

03:58.410 --> 04:00.840
and I'll do keightsmulti.com.

04:00.840 --> 04:03.000
So your domain in this case, of course,

04:03.000 --> 04:07.140
and www dot your domain again.

04:07.140 --> 04:10.110
So for me, keightsmulti.com, like so.

04:10.110 --> 04:11.340
All right, so what's going on here?

04:11.340 --> 04:13.440
We've got DNS names out here

04:13.440 --> 04:15.353
and domain names down here as well.

04:15.353 --> 04:19.260
So what's going on is essentially DNS names is the list

04:19.260 --> 04:21.990
of all the different domains that should be associated

04:21.990 --> 04:23.250
with the certificate.

04:23.250 --> 04:25.050
In other words, when we get back a certificate

04:25.050 --> 04:26.799
it's going to be good

04:26.799 --> 04:28.908
for a domain name of keightsmulti.com.

04:28.908 --> 04:30.690
And it's also going to be good

04:30.690 --> 04:35.040
for a domain name of www.keightsmulti.com.

04:35.040 --> 04:37.530
So if a user goes to either of these addresses

04:37.530 --> 04:39.750
our certificate is going to cover it.

04:39.750 --> 04:42.186
Now down here we list out the same two domains again.

04:42.186 --> 04:44.250
These are the different domains

04:44.250 --> 04:46.713
that the verification process,

04:48.003 --> 04:48.836
so this entire back and forth flow,

04:48.836 --> 04:50.310
is going to attempt to access

04:50.310 --> 04:52.140
to make sure that we actually have access

04:52.140 --> 04:53.880
to the listed domain names.

04:53.880 --> 04:55.280
So it might seem like we are

04:56.133 --> 04:56.966
just repeating the same thing twice.

04:56.966 --> 04:57.799
Yeah, we definitely are

04:57.799 --> 04:59.640
but that's how the authors put this thing together

04:59.640 --> 05:01.440
so we get the two separate listings.

05:02.580 --> 05:03.630
Okay, so that's pretty much it

05:03.630 --> 05:05.820
for this certificate config file.

05:05.820 --> 05:08.220
So I'm gonna make sure that I save this as well.

05:08.220 --> 05:09.480
Now we're gonna take a quick break

05:09.480 --> 05:10.890
and when we come back to the next section,

05:10.890 --> 05:12.930
we'll do one last little piece of configuration

05:12.930 --> 05:14.310
and then we're going to deploy this thing

05:14.310 --> 05:16.050
and test it out in production.

05:16.050 --> 05:18.500
So quick pause and I'll see you in just a minute.
