Less than 1 minute
# 将证书和私钥导入secret
# kubectl create secret tls cert-foobar --cert=foobar.crt --key=foobar.key
apiVersion: v1
kind: Secret
metadata:
name: hellok8s-tls
namespace: default
type: kubernetes.io/tls
# data 只接收base64编码
data:
# 这里的示例数据是随意填写的,在新版本中会警告:Warning: tls: private key does not match public key
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNVakNDQWJ1Z0F3SUJBZ0lKQUs5RU9hb1BQcFdkTUEwR0NTcUdTSWIzRFFFQkN3VUFNRUl4Q3pBSkJnTlYKQkFZVEFsaFlNUlV3RXdZRFZRUUhEQXhFWldaaGRXeDBJRU5wZEhreEhEQWFCZ05WQkFvTUUwUmxabUYxYkhRZwpRMjl0Y0dGdWVTQk1kR1F3SGhjTk1qTXhNRE14TWpFd016QTJXaGNOTWpNeE1UTXdNakV3TXpBMldqQkNNUXN3CkNRWURWUVFHRXdKWVdERVZNQk1HQTFVRUJ3d01SR1ZtWVhWc2RDQkRhWFI1TVJ3d0dnWURWUVFLREJORVpXWmgKZFd4MElFTnZiWEJoYm5rZ1RIUmtNSUdmTUEwR0NTcUdTSWIzRFFFQkFRVUFBNEdOQURDQmlRS0JnUUROclRnZwp6a2JHUTVTQVV5T3BCVVFtYktnMHI1bEhpNG1QeTBtQWM5bnlIbTUvaXUwKzFpaEFNYlUybGtSUFM1Q3U0eWIyCldUZ1lHR3NvOXo4VGJOU0JFZXBTWHoxZFpVTllxVTNnSEpHOHh4RW05UW9oZlFKcERZZVJ5dm1Od2xhdzVseksKcDN0bjVuV3c5cEhxSEwySXZ6eEJ3QnVDbzVyUEZQbC9kTnFuSVFJREFRQUJvMUF3VGpBZEJnTlZIUTRFRmdRVQorYzhGRE5jOTJsNFdQTzBKZG5NWldVdUhtTXd3SHdZRFZSMGpCQmd3Rm9BVStjOEZETmM5Mmw0V1BPMEpkbk1aCldVdUhtTXd3REFZRFZSMFRCQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQmdRQVpCWmlSdzQ5SGFJUG0KcW5RWm0zc1RNVFh1MEZCOENlVFFGU0s3L21MQi9sbXlxVk1DMnVScmhwSFdrMk43SlRyb1VkZzU2UFZhcUM4eQp5R2UvSkcvdG5aZXRtRkFvTG5KaVlzaHYvWm5wblJSZ0t2UFhkaEtyelVKa2NqSGYrYmdxOU1aYW1pQkFQY2lKCi9qdUx0MnRQblFvajlIMWxaaWhqRno3WUxiZ0JQUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUNkUUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQWw4d2dnSmJBZ0VBQW9HQkFMSng2NWlCTjdoMGZLRHcKalFTWFRKeUIyYnZ1b2t4cUdrckRMc01nWEdIdUlUakNBNWt3TDNqZHkvbUQ0RVZjZ1Y4a1BJK2tjTnJJd0pWbQp3NmF4TzFseExqaVpYRjdGWUZrZGdzcEZVRjNQQW50SVhMeDl6bndtek5jeWxhV0RyaEdJVGVTT0JGNi9qTklDClpJcHFaN1dSSGIzS0w3SE41eFp3VWw0UlNOTWhBZ01CQUFFQ2dZQUY2MTJEVzVYN21uR2Y3UnJnY2h4cWZLdzYKWGJvb2lzU0FnbVVFdUFnWWY0dStsRUVHVGVEbFE0WkdxcWMvNWNlczNramNBdnB6WjRGcjgxSytMdGJuSEcrbQpNRXBVcWQyUTNmV0s3WFByUkZjbjZlUEx2YUZKWlhJSGVKZnAxRUltbXdKNmdRR1FJalBBRC92YTl5WVNBUmhqCmZqR0NNZFdxN2NwS1VXSXlnUUpCQU9acjNsdkJBMVBSeW5qZHB1RXIxZm9ybG55bzRFOTh2NlFSNnVXWWtnQjAKeUJQQzJlczhEZ2RoVDlNY0xsVGdHb281SGJrWE5vS1B3cExoSUp5S0RSa0NRUURHUVB2TzJ4RjRYQkpaZUEwaQp6bndHZTN4WFpRSHVJN0RpYWtWQUc2U1JId3NrMEJwNXk3YTVJQ3hCTU82d1g2c2owSW1mN3NBa0J1MjNuZmx1Cmo2OUpBa0JiNURqUkxyQTlCVFZSN2xOWENUeFVnSDJMU1czclJUeklHYjByd3lTMnVkdnd4WXhTbTZpY21OcFUKdnJCYmVPUWNxNXFHN2hMM0RvM3lOWVhqNThwQkFrQllwTCt5YXdNeHRNRkRuY2tKMGhka2NweFRHMGUwcWVLeQpLZUFTM1FsRkZnTk9qM24zRVYzL0FtS25OM0RTRGNTZ3UrSjlUeXc4TDVqa3E4N1dYNHA1QWtCR2VEK0E2YmFECnNzaXRtWmRydEo2ekxHYkZHRmtXazM0bVJxOGNzSWN4bndoelZnSXBKRjZvUG5yZUU2RmdUaDNHd0J6Z3VOc3kKVm5yOTZyd2tmMzQ1Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=
# 也可以换成 stringData 存明文证书,在kk get secret hellok8s-tls -o json 时看到的都一样
#stringData:
# tls.crt: |-
# -----BEGIN CERTIFICATE-----
# ...
# qnQZm3sTMTXu0FB8CeTQFSK7/mLB/lmyqVMC2uRrhpHWk2N7JTroUdg56PVaqC8y
# yGe/JG/tnZetmFAoLnJiYshv/ZnpnRRgKvPXdhKrzUJkcjHf+bgq9MZamiBAPciJ
# /juLt2tPnQoj9H1lZihjFz7YLbgBPQ==
# -----END CERTIFICATE-----
# tls.key: |-
# -----BEGIN PRIVATE KEY-----
# ...
# vrBbeOQcq5qG7hL3Do3yNYXj58pBAkBYpL+yawMxtMFDnckJ0hdkcpxTG0e0qeKy
# KeAS3QlFFgNOj3n3EV3/AmKnN3DSDcSgu+J9Tyw8L5jkq87WX4p5AkBGeD+A6baD
# ssitmZdrtJ6zLGbFGFkWk34mRq8csIcxnwhzVgIpJF6oPnreE6FgTh3GwBzguNsy
# Vnr96rwkf345
# -----END PRIVATE KEY-----