A
Hi everyone, welcome to another CNCF webinar. Today we're gonna be talking about how we can secure web services using Let's Encrypt, cert-manager and all that in Kubernetes. Before we get started: who am I? My name is Andrew Ramirez. I'm the CEO of Coimbi, but I'm also founder of the Hispanic Foundation for Cloud Native, which is a place where we share all the knowledge about cloud native and Kubernetes for the Spanish community. I'm also part of the advisory board, member of the deaf network.
A
I'm also a technical advisor to some startups and, of course, I'm a certified Kubernetes administrator, and I'm part of the team that also created some exams for the Linux Foundation and the CNCF. Something that I do enjoy a lot is traveling the world with my favorite person in the world, which is my wife, but that's not enough about me. So let's get started with today's agenda.
A
So what we're gonna be doing today: before we get into the demo, which I'm pretty sure everyone is looking forward to, we might need to work through a couple of the concepts that we need to understand first. One of the first things that we're going to be looking into is what's HTTPS and HTTP.
A
What is SSL/TLS? Let's try to cover that topic especially for the rest of us, people that might not be super experts in encryption and that kind of stuff. We're also gonna talk about Let's Encrypt, which is one of the main topics of this webinar, and then we're gonna see what's cert-manager, and then we're just going to put all that together into a nice demo, hoping that the demo gods will allow us to have this smooth and nice, right? So let's get started. First, HTTP and HTTPS.
A
The best way that I found, to be honest, to explain what is the difference between HTTP and HTTPS is basically using this nice image, which is when we're doing our browsing. When you open the browser, whichever browser you use, and you navigate to a site, you have two ways to do it, right? The first one is HTTP, and then you will see that all your information, all your traffic, is gonna be completely in plain text.
A
But if it's the secure version of HTTP, then all that information that you send from your browser to your server, back and forth, is encrypted, meaning that instead of seeing your username and password, they will just see a random set of characters that they cannot decrypt or understand. So that's the best way that I found to explain HTTP and HTTPS. But then you might say, "Well, Angel, you say HTTP, HTTPS, and then you're bringing up SSL and TLS. What does that even mean?"
A
So the SSL, as you can see in the bottom right of the image, involves a certificate. But to get more in depth on that, what that means is: SSL is still a widely used word for describing the security around the HTTP and HTTPS traffic. However, currently TLS is the one that is being used. Just to try to summarize in a way that, you know, doesn't get too complicated:
A
TLS is just the newest version, a third version of SSL that is a lot more secure and, of course, has more features. But the way that I see it, it's just an evolution of SSL, but everywhere you can still say SSL and TLS interchangeably; it's not wrong, it's just fine. Here's some history of how they were created: SSL was created by Netscape.
A
Initially, that was the one that was used at the time, and then TLS came after that, by the Internet Engineering Task Force, and that's the one that we currently use, which does have a lot more features. The curiosity is that SSL 3.1, basically, is what then became TLS 1.0 at that time.
A
So that's where the transition started. But the interesting part about how SSL and TLS work is that now both devices, or in this case the client on the browser, have that certificate that they use to interchange information, and that's what they use to then, you know, using a set of key pairs, like private and public keys, encrypt all the information and messages that come during that connection. So, a little more about it: what is involved in this SSL and TLS
A
You know, process? Basically, there are three main things that need to happen. One is, you have to have encryption, of course; that's what we're all looking for, making sure that everything is secure. You also have to have authentication, and that all has to be with integrity. So why is that? Why does that matter? Well, in the process, which we're going to see in a little bit, we have to make sure that there's a version that we
A
We agree upon between the client and the server, and the reason why is because right now TLS has three versions. We are hopefully on 1.3, but still, those are three versions. So the first thing that happens is that they just establish that connection, saying: okay, well, let's talk about...
A
Let's talk in TLS 1.0, 1.1, 1.3, whichever is the one chosen for that communication. And then the initial encryption happens and they establish the whole cipher suite: okay, which one are we gonna be using? Let's use X, Y and Z. Okay, cool. And that way we're gonna establish that connection. And now that we know that the encryption is set, what's happening next is now they need to authenticate.
A
They need to make sure that the identity of the server is the one that it is supposed to be, because one thing is establishing an encrypted connection, but if the server is not the one that it's meant to be for the browser, for the client, to talk to, then really you just have encrypted messaging with the wrong server, and at the end they will still be able to decrypt that information.
A
So that's where the authentication happens, using that certificate. And last but not least is the generation of the session keys. That's what I relate to the integrity. That's the way that now you can make sure that everything subsequent to that will happen in a secure way and you're still talking to the right server. So that's why integrity is important there.
A
So now, what is the TLS handshake? Basically, the TLS handshake is what I just described a few seconds ago, but here you can see a nice graphic of how that happens. The interesting part here to clarify is the different versions, which is why it's important to make sure that the version of TLS established is the one that you want.
A
For example, in TLS 1.0, as you can see, there are more steps versus 1.3. In 1.3, basically, what they did is they just encapsulated more information, exchanging it in just one round trip, so you don't have to, you know, go and do seven steps. So you might say, "Well, thank you, but how is that important?" Well, I mean, you basically reduce the amount of round trips, so you have fewer milliseconds that you need to use in that process.
A
I mean, maybe for some systems the milliseconds might not be relevant, but in other platforms and distributed systems, the milliseconds actually count, so that actually is one of the reasons. So that being said, yes, TLS is always going to add latency to your system. Now it's more about deciding how much you can afford and which way you can afford it. So, I mean, it makes sense to always be on the latest TLS,
A
Not only because, you know, you have more security and more features, but also because they're working very hard to reduce the amount of latency that TLS, in this case, adds. Now, that doesn't mean that it stops there, because there are other technologies that are being implemented to reduce that latency. One of them is False Start, which allows the server and the client to talk to each other before the whole process starts.
A
I mean, of course, one can argue, like, do I want to do that? I don't want to have my server talking to my client and vice versa without having the whole handshake process, you know, established. Well, it's case by case. There's no way
A
We can all say that one size fits all, but it's good to mention that there's technology that does that. The same happens with session resumption: if a server and client already had a previous communication and established that encryption, well, you can speed that up, because you already have that trust established, so that also helps reduce the milliseconds that the handshake, you know, has to take. So once again, this is kind of like a 101 for SSL and TLS.
A
I'm pretty sure that there are experts out there that will say, "Well, you're missing a lot of points." Yes, definitely, but that's probably gonna be a topic for a different conversation. For right now, just to summarize HTTP and HTTPS: basically, the difference is one is secure, the other one is not secure. You are strongly advised to use the secure one all the time, and that security is basically being provided by the protocol, SSL or TLS.
A
They are interchangeable in general, in terms of concept, but we shouldn't assume that they are entirely the same. It's just an evolution: TLS is the evolution of SSL, meaning that, I mean, we should be speaking TLS. Hopefully everyone should be using TLS from now on. And the other thing is that TLS involves a handshake. The handshake is the process by which they make sure that there is encryption, there is authentication and integrity in the process.
A
So those are the three main areas that TLS covers. Like I said, that's kind of the summarized version for the rest of us, and actually that's more than enough to then go to the next topic, which is Let's Encrypt, right? So what is Let's Encrypt? Well, if you recall what I was saying, TLS involves a certificate, and that certificate has to make sure that the server that you're talking to is the one that you're supposed to be talking to.
A
Well, that's coming from something called the certificate authority, which is an entity trusted by the browsers and the clients, so that we know: yes, whoever has a certificate coming from this authority is someone that we can trust, someone that definitely knows what they're doing, and everything is good. Before we get into the features: what usually happens is, let's say you're using any other provider, the insert or whichever you're using, that doesn't really matter. The process
A
Is a little more manual, in the sense that you need to create the key pairs, you submit them and they give you back an authority, and then you get all that information and you can use that and just set it up in your NGINX or your Apache, your web server, whichever you're using. That's how the process used to be, and every time you need to do a renewal, you just do the process again. So, well, what's Let's Encrypt doing here then?
A
Well, definitely it's doing a lot, and that's what I'm gonna do now, kind of walk you through the main features of Let's Encrypt. One is that it's free; it's free to everyone who owns the domain. I have to make sure that we understand that: just because you're using Let's Encrypt doesn't mean you can just use someone else's domain, right? You need to own the domain, because in the process, which we're gonna describe later, you need to prove that. The second is that it's automatic.
A
Definitely, I agree. It's super painless. The process is very smooth. All you have to make sure is that you configure your
A
Your agent, because there's an agent involved there, and that way you can do that process very automatically. There are even a lot of CLIs that you can use that provide that. Certbot, for example, is one of the best-known projects that you can use, and it makes your life a lot easier creating, issuing, configuring and renewing the certificates. It's very secure, as we were talking about TLS, which is why it was important for me to explain a little bit more
A
What TLS means, because they use the best and latest practices of TLS. They use very advanced techniques there, and they make sure that what they're doing is always, you know, compliant with the most advanced techniques. It's also transparent. When I was learning about Let's Encrypt, this is something that actually was a surprise for me, because everything in the issue and revoke process,
A
Both, they are keeping in a public record, so everyone can see what's happening. And not to get into the blockchain world, but basically the transparency, everyone having accountability of everyone, does make it a lot more transparent. So it's something that surprised me and I liked it. The other one is that it's open. Basically, it uses, you know,
A
The protocol is considered an open standard, and we're gonna talk about the ACME protocol later, but it's a very open system. And it's cooperative, meaning
A
That it's a joint effort of the community, which is definitely something that I'm pretty sure everyone watching here loves. So, a little more about Let's Encrypt and how it works. There are two processes involved. In the initial validation, as I was mentioning, the ACME protocol is the one that helps to obtain a trusted certificate for browsers, and that's done through a management agent. I mentioned one a couple of seconds ago; Certbot is one of them, but there are a lot of them out there.
A
If you go to the website, you will see that there are basically a lot of agents built in different languages. There are libraries, if you want to build your own. So it's definitely something that is not tied to one thing, but the process is the same for all the solutions out there. The first thing that you need to do is prove the ownership, which is what I was referring to in the previous slide.
A
So if you look at the top image, basically the web server, in this case yours, has to make sure to ask Let's Encrypt: hey, I want to, you know, claim the ownership, or I want to basically confirm that I'm the owner of this domain. Let's Encrypt comes back to the agent and says: okay, well, let's do it. Prove it.
A
You have two ways to do it, and here are the ways that you can prove to me that you own the domain. So there are two ways: one could be a DNS record, or an HTTP resource under a well-known URI. And, I mean, it's very similar to the process if you go with any other certificate authority, where you need to provide those two, right? So let's say that, you know, once Let's Encrypt goes back to the
A
In this case, the agent, and says: okay, you prove it to me in one of these two ways. Then now, let's do it. So we, as the agent, say: okay, I'm gonna prove it to you. Let me, for example, use a well-known URI, which is very simple to do, by the way. So once we do that and we sign it, we send it back to Let's Encrypt.
A
Let's Encrypt will receive that and will validate, verify, of course, that using that nonce that he gave me before, because if you look at the top image, there's a nonce that it sent us back, and that's the one that we use to do the second part of the process. We do that, we sign it, we send it to him, it gets verified, and then we just put it out there for Let's Encrypt to then be able to download it.
A
So once Let's Encrypt is able to download it, then everything looks good and it says: okay, well, you proved to me that you're the owner of the domain, so go ahead and you can start issuing certificates, which is the next part of the process. To issue certificates is even simpler. Once you do that, you do the PKCS certificate signing request. Same process; you have to
A
We all have to understand that in every process we have to tell Let's Encrypt what we want to do, but everything has to be signed and everything has to be validated by Let's Encrypt using those key pairs. So in this process we sign that petition for the certificate, we want the certificate for example.com, send it back to Let's Encrypt, and they simply say: okay, I believe you. I compared it and everything looks good.
A
So let me give you back the certificate, after the verification happens. And for revoking the certificates, it's actually the same process, just the other way. In this case, all we are saying is: I want to revoke this certificate that you gave me. I have to sign it, send it to Let's Encrypt; Let's Encrypt validates that and says: okay, this looks good, you revoke the certificate, and let me then notify the CRL and/or the OCSP,
A
Whichever is the case, and that way, you know, all the browsers can rely on that, and the process is very simple. Now, do we have to do this manually? Well, no. I mean, Let's Encrypt, as I said, is automatic. Always remember that there's an agent for that, so that agent will take care of that. We just need to get the configuration that we need and it will do it, but this is actually the process that's going on behind the scenes.
A
So, with this being said, let's take a mental pause and say: okay, well, am I ready to now use this anywhere? Yes. I mean, like I said, you can just go to the Let's Encrypt website, download one of the agents, whichever you like the most, and if you're using, let's say, a web server somewhere, a virtual server, and you have Apache or NGINX,
A
So whatever you feel more comfortable with, you install Certbot, you configure that with your web server and it will take care of the rest. Now, what happens if we want to do it in Kubernetes? Well, same thing: we just download whatever NGINX or web server version we want, we configure that and we deploy our application. Now,
A
Do we want to do it that way? Not really. There's already something that can do it for us, which is another project that I'm going to introduce now in this webinar, which is cert-manager. cert-manager was developed by Jetstack, and basically they've been doing a great job on this project, because what this product does is it just makes it a lot easier for us to configure and use all these certificates, because we're only interacting with what we know best, which is Kubernetes objects, so that makes the process a lot easier.
A
But of course it goes further than that, because it's not only for Let's Encrypt. They actually do support a lot more sources; Let's Encrypt just happens to be one of them. Just to give an idea of what they support: they support HashiCorp as well as Venafi, and they also have the private PKI.
A
So you can create your own PKI if you want to. But even more than that, in the recent versions, and I say recent, not like a few months ago, but I mean recent because I've been using cert-manager for quite some time now, they came up with these community sources.
A
Now I can develop my own sources if I want to, or I can use one from the list that the community already created, which is very, very nice and engaging, because, you know, say Let's Encrypt is doing the job for us, but we want to use, you know, our private one, because we are an enterprise and we want to have our own private certificates. Well, we can do that. Or you have this other one that you want to use; for example, you want to use Cloudflare. Okay.
A
Well, they do have one in the community for Cloudflare. So definitely this space has been growing so much. I do enjoy it; I use it a lot. So it's definitely worth it to stop by and read more, not just what I'm showing here. So, well, this is kind of how it works.
A
I wanted to show you a couple more things about that before we get into the demo. One of them is the Issuer. We're gonna be using this object for sure, and the Issuer is just basically a representation of a certificate authority in Kubernetes object terms. They do support multiple here.
A
So this is kind of what it looks like: you just declare what you want in your spec, then you define how you want it to behave, which we're going to be seeing in a second. The second object that I want to show you is the Certificate. The Certificate, interestingly enough, we are not going to create, but we're going to look into it and see what it looks like and what it does.
A
But the Certificate is the way that, after you get your authority created and all good, and you verify that you own that domain, then you can create a certificate. That certificate will work with that specific CA, and that's how it's going to communicate back and forth and then keep your certificate in sync.
A
So this is what it looks like. I do have a couple of links here that I definitely recommend you guys look into a little more in depth. The certificate life cycle, for example, which is the image that you see on the right: it's impossible to see everything, but the reason why I'm putting it in there is because they do have a really detailed diagram of how the whole life cycle of the certificate works. It's a lot, but I definitely recommend you guys take another,
A
You know, separate reading of this life cycle, because it goes very, very in depth into how that process works. And then you will understand even more how they, you know, encapsulate all these complex processes that we usually go through, issuing certificates and getting certificates and revoking certificates, into a very simple object, and I definitely have to give kudos to them on that. All right, so this is all I have before the demo. So what we're gonna be doing then is we're
A
Gonna basically now put all this stuff together: what we learned so far about HTTP, HTTPS, SSL, TLS, Let's Encrypt and cert-manager. A couple of things here if you're following along: I'm going to be using a Kubernetes cluster in DigitalOcean. You can use whichever you want; it does not really matter what type of cluster you use. I just happen to be using that one because it's just simple to deploy real quick. We're gonna need a domain name. This, I think,
A
That's probably the whole point of this webinar: it is tied to a domain, so we definitely need one.
A
I have one in Namecheap, which I'm going to show you guys later, the one that I'm going to be using. And we're going to install the ingress, the NGINX ingress controller, in this case it's NGINX; we're going to install cert-manager; and then we're going to use a web service to test all this. The website that I'm gonna be using is the Google microservices demo; it's like a boutique store, and we're just gonna use that one as a reference.
A
Okay, so let's not delay this more and let's jump right into it. Let me just, one second, so I can share my other screen, and we should be good to go. All right.
A
All right, so I just want to confirm that everyone can see it. All right, so just checking the font; it looks good, I guess. Okay, all right. So let's get started. So, what we're going to be doing:
A
All right, so that's it. We have a DigitalOcean cluster, and if we look at it, do we have some pods running on the default? Yes, we have one, which is the ingress controller. I had to cheat a little bit, because the ingress controller usually takes some time to get the load balancer IP. So to avoid that, I just got at least the service, the load balancer and the NGINX controller in place,
A
So I don't have to waste time on that one. So that's what we have. You can see here that we have the service, we got the external IP and, let's see what it is there. That's it. Okay, so that's all we got. All right, so now the first step that we're gonna be doing, and I'm gonna use my guide here, is we're going to install the actual web service. That's the first thing that we're going to be doing.
A
I have it right here. I downloaded the repo, the microservices, so all we have to do is just apply, and then we're gonna go to the release and we're gonna deploy the manifest.
A
They do have this to install in multiple places, using Istio, in different ways, but we're just gonna use the plain one. We just want the services being deployed. So let's deploy that. While that's being deployed, I'm going to switch to my browser and I'm going to show you: this is the store demo. We don't have anything right now, so it's basically NGINX responding; that's all we have, and because we don't have any ingress or anything set up, we have the 404 Not Found.
A
So everything is as expected. That's exactly what we want. So everything was created. Let's just check the pods and see if we've got everything that we need in place. Oh yeah, some of them are still not running, but we don't mind, because the one that we care about is frontend; that's the one that we're gonna use, and in order to use it we're gonna create an ingress.
A
So if you look at the ingress that we have right here, let me just make this bigger, it's a pretty straightforward ingress. Nothing really different here from what we already know, except that we're just declaring here... well, not much different here. So let's just deploy this, and we're gonna do the apply.
A
And then with zero one ingress demo. So the expectation is that once this is done, we should be able to go here and see the store. Perfect. So that's what we have; that's the store right there. Of course, it's not secure. We don't have any type of security in place. Even if I want to force that to happen with HTTPS, it's gonna tell me, like, no, you cannot. But of course Kubernetes by default is trying to put a self-signed certificate there, which is fake.
A
I mean, of course we are not gonna do that. We're just gonna say no, thank you, and we'll go back to the store in HTTP. So this is like us now doing the HTTP version that I was talking about on the first slide. We are navigating a not secure place. So if we add to cart and we start doing our checkout, whatever we want to do, that's not gonna... that, I won't
A
Basically, you know, recommend that, because then you're gonna be basically navigating securely. Okay, so what was the next step? Well, next step... Yeah, this service is broken because one of the pods is not running, but that doesn't matter right now for us. All right, so the next step: well, let's create the first issuer. So what is the issuer right here?
A
The issuer, as we were looking at in the slide: we just describe what type of issuer we want. It's good to mention that Let's Encrypt has two types of issuers. One is the staging version... sorry, two versions of issuer, staging and production. With the staging one you will get basically everything like you get in production, minus the validation, meaning that you create a staging certificate,
A
But it's not gonna be, you know, trusted by the browser. Everything else, it will give you. And the reason why they do that is for you to test. If you're working on your own environment, development or something like that, and you want to make sure that the whole process works well, use this one, staging, because production has some rate limits and stuff like that that you want to make sure you don't cross, and that's what staging is for.
A
So what we declare here is just the server, which is the API endpoint, the email, the name of the secret that we want to use for basically storing that specific information, and then the solver. Here I'm just saying: hey, anything that is HTTP
A
It should be a 01, use the ingress class NGINX, and they just use that to relate the issuer with the ingress. That's why I was saying that we might not create a certificate. I'm going to show you a certificate, but we're not going to use the Certificate object, because they make it even easier for us to relate them using the solvers. All right, so let's do that. Let's apply that file, 02, and then we do that. All right, so we created the staging.
A
So let me show you how that works, what that looks like. You go to kubectl, and then we say describe, and we say issuer.
A
Oh, all right, so, first blooper. I knew it. We missed something, guys: we didn't install cert-manager. So how about we do that first? Okay, so let's go to the readme and we're just gonna copy this. I do have Helm installed already, so I don't need to do the adding of the repo and updating the repo. You guys might have to do it, but in my case I don't have to. I'm just going to install it using Helm.
A
A
So when you install with Helm, everything installs, but then, I mean, it starts breaking, and that is because it doesn't have the CRDs available, and I didn't notice that when I was doing it. So just keep in mind that when you're installing using the manifests, usually they do have two manifests, one for the CRDs and one for the installation. So just keep that in mind.
A
I disabled Prometheus because I don't have Prometheus installed, so I didn't want that to cause any potential issues. It doesn't, but, you know, just in case. And I just set the webhook's timeout seconds, which right now is not relevant. So everything is installed right now. If we go to kubectl get ns, we have cert-manager. If we want to make sure that everything in cert-manager is working,
A
So we just see what is there: all the pods running. So we should be good to go. Just out of curiosity, if you go to the pod logs and you inspect cert-manager, you will see that it's basically just getting all the... it's gonna stop looking for certificates and see if it can do something about it. So let's just now apply the certificate that we had before.
A
A
Let's just copy the name and let's see what we see. Okay, cool. So it's a bit huge right now because of my screen, but it's not that much, to be honest. It's basically just creating; everything looks good. That's the spec. What's important here is the status, right? So if you can see, it just created this claim, a unique URI.
A
Sorry, this challenge; that's the challenge using the ACME protocol. And then everything basically went well, because it just created my account and created my input, and status type is Ready. So that tells me that this specific issuer is all good; I mean, we're good to go. Just keep in mind, which I forgot to mention, that you have to use your own email, and make sure that it's okay, because that's what they use to create the accounts, so that could create some
A
You know, unexpected troubleshooting. But now, since we already have Let's Encrypt working in staging, can we start using it? Yes, let's just use it now. So to use it we're gonna be looking into... let me just close these ones, and we're gonna see version three.
A
So in version three of the ingress, all we're going to do now is add one annotation here, just this one right here, 97, and we need to declare that we want this to also respond by TLS, and when it responds to TLS, then I'm going to allow it to, you know, respond using the same host that I declared right here, and also I want it to use the secret that is going to be created here. So before we do that, let's check if we have any secrets. Let's get secrets.
A
All right, so we had some secrets, but not the ones that we didn't need. There's other secrets here that we really don't need, but the one, the one that we want is store demo; store demo was not there. So, okay, let's, let's move on then and, and just to, to show you guys your certificate.
A
kubectl apply minus f, and then we're going to do version three. Let's see what's going on now. Perfect. So now we have an ingress. So if we go in and create and get ingress, it means, it means a misspelled here. We got an ingress right there called demo, right? So with this, with this now ingress called demo, we can go ahead and check the website now response using TLS. Let's just, you, boom. So now the certificate that we're getting is.
A
Neither my authority, but if you, if you can see here, the, the, the staging now is being the one responding. So it's telling me that, yes, Let's Encrypt is giving me the certificate that I need. It just happened to be that that's not the one, as you can see here, that they consider trusted, and that's okay. I mean, we don't, we don't need to trust that one, because it's just for testing, but it is working. So basically I'm getting a certificate, I'm getting it.
A
My keys and my private key and my policy to do then all these issuance and, and renewals and revokes. So, let's, let's see how that looks then. If we know that we got the each word, let's see if we can get a certificate. So voila, we got a certificate right there. So let's now describe what that certificate looks like, and it's called store demo, right?
A
Awesome, so this is our certificate right now, and then what, what happened is that, you know, it created the whole certificate for me. I didn't have to do it, which is good, because I, I basically saved one step. Now, what, what it's doing is, if you recall the slide where we were saying we need to assign what's still going to be the DNS name and that kind of stuff.
A
So it's right here, so you just already created the whole object for me, creating reference to the, to the issuer and doing the whole process. And if you notice, it did the process of creating a certificate, so notice that that's why it's not instant. It's not like, "Oh, I created a certificate and right away I got my secure website." No, it just, it does the process. You say: okay, let me issue the certificate because it doesn't exist. Second, let me create a store that new private key get.
A
Look at this. So now this, this secret that right here is basically storing some metadata, that, that's the one I definitely use to keep in sync with the certificate and the certificate request, but I get my two certificates. This is it. So now.
A
I, I basically, in this, that's the way that the ingress is relating now to the, to the certificate and the key, because if we recall, on the ingress he says that he's talk, he's expecting this secret name, but I never created that secret, but it's in there, because the whole chain process done by cert-manager is doing most of the work for me. I mean, that doesn't mean that I cannot do it manually. I can. There's a way for you to do a memory.
A
You can do your own specifications, all that. They're not stopping you doing that, but this is, this is more than enough. That's not what I need. Okay. So now we got the, the staging working, we're good. This, it's time to go to production. Let's move on and, and get into production. All right. So, for that, all we have to do is just create a different issuer.
A
Right, same as before, he's just doing the whole process, doing, making sure that, you know, this, there's an act right here that if we, if we just click here, you just open in a different browser. One second, it's supposed to be here. That's my, my acc right there. So of course, the method allowed, because it's not doing, it's not supposed to do anything like that. But that's, that's, that's the API responding. Okay, all right. So then we got here.
A
We got, he says it's being created, the account, it's been registered. This is good, it's ready. Let's do it, right? So with that, the next step was to update the ingress, the ingress for my website. So let me show you how that looks like. Same thing, so the ingress, it doesn't change much, except for this.
A
The only thing that we're changing is, okay, I want you to now use the Let's Encrypt production version, not the staging, but everything else is still the same. I'm not changing anything. I want the ingress to be the same. I want the same secret name, no problem. All right, I mean, you could change the secret name if you want to, but that, I mean, in this case it doesn't really matter.
A
So let's now apply the five and let's just give it a second. Now, while we're doing that, I want to show you something real quick in cert-manager and see if we can see it looks.
A
So it's saying, hey, found one existing, the HTTP resolver for the store demo is related to the kind of service, and, and it's just getting all this information in relationship, and then it's going to be doing the sub check and that kind of stuff. So if we put it with the minus f, you might be able to see it in, in, in life. So, and that's what it's doing. So I want to show you the actual challenge.
A
Please apply your change in the lines. The challenge in work not only exists, so it's doing all that process of doing the challenge, which is great. So that's, that's perfect. So in the meantime, let's check the website real quick and see if we got already the good version. There you go. So, I mean, it was pretty fast, so we couldn't catch the whole process. But if you can see here, everything starts here on the certificate request.
A
When he started getting and say, hey, I want, I want a new certificate, and is for this specific version of the API, is creating all the challenges and doing the process right here, and then, you know, it was fulfilled, so it was done. But what's the result of this? Well, we now have a secure connection.
A
If we're going to look at the valid certificate, it says that I'm using the ISRG Root X1, and then I can see here that my store demo is trusted by my browser, and voila, happy everyone now. Now, all right, our traffic between my browser and this server is entirely encrypted using the latest and greatest and the, and they are, you know, most about techniques that Let's Encrypt offers, and I basically had to do better than anything.
A
Everything was mostly done by the cert-manager, and in this case that talks to the Let's Encrypt, and I think that this is a, this is it. This is where I wanted to show you how to secure your website using the Let's Encrypt and cert-manager. So I'm happy to answer any questions. You can reach out to me on any social media. As I was saying on the, on the slides, let me just go back over to those slides.
A
All right, so that's it. That's all. That's all I wanted to show you guys, and let's say more than happy to answer any questions that you may have at any given point. Just, just reach out to me on, on, on any social media. You can, let me just put this back online one more time, just in case, you can find me as ad ar for mires and well. Thank you so much for, for the time, and I enjoy.