How to handle Kubernetes workload certificates?

11/24/2021

I want to deploy a MongoDB cluster with, for example, Percona. So, I need to provide a certificate to the MongoDB servers and MongoDB client applications so that they can use TLS. In this use case, the certificate must be signed for *.mongodb-namespace.svc.cluster.local. If I generate this certificate, it will be self-signed, so all client applications will need to set insecureTLS=true or skipVerifyName=true. This is insecure, so how do we handle certificates in Kubernetes for workloads (in general; MongoDB here was just an example)?

-- Antoine
client-certificates
kubernetes
ssl-certificate

0 Answers