3

The command below gives an error: error: flag key is required

kubectl create secret tls k8-secret2 \
    -n ingress-tls-test1 \
    --cert ingress-tls-test1.pfx

I am able to create the secret using .crt and .key file:

kubectl create secret tls aks-ingress-tls \
    --namespace ingress-basic \
    --key aks-ingress-tls.key \
    --cert aks-ingress-tls.crt
notageek27

3 Answers

8

I needed to create a kube TLS secret from a .pfx file today. Credits to: https://adolfi.dev/blog/tls-kubernetes/

## you will enter the pfx PW on the CMD/terminal
openssl pkcs12 -in pfx-filename.pfx -nocerts -out key-filename.key
openssl rsa -in key-filename.key -out key-filename-decrypted.key
openssl pkcs12 -in pfx-filename.pfx -clcerts -nokeys -out crt-filename.crt  ##remove clcerts to get the full chain in your cert
kubectl create secret tls your-secret-name --cert crt-filename.crt --key key-filename-decrypted.key
Tilo
5

While creating a k8s (up to v1.19) secret of type kubernetes.io/tls, you must provide two keys: tls.key and tls.crt. If you use kubectl to create a secret, you can use the --cert and --key flags to provide the values of those keys.

The public key certificate for --cert must be .PEM encoded (Base64-encoded DER format), and match the given private key for --key.

Since the .pfx certificate uses different encoding and stores all into a single encryptable file, you don't have separate certs and keys files to fulfil the requirements.

But you can create a secret of the type Opaque instead of TLS.

$ kubectl create secret generic k8-secret2 --from-file=crt.pfx=./ingress-tls-test1.pfx
Kamol Hasan
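Added example, not part of either answer above: a shell sketch that does the .pfx to PEM conversion from the first answer without interactive prompts and enforces the "certificate must match the private key" requirement from the second answer before anything is handed to kubectl. The function names, the PFX_PASS environment variable and the tls.key / tls.crt output names are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: convert a .pfx into the tls.key / tls.crt pair that
# `kubectl create secret tls` expects, and refuse mismatched pairs.
# Assumption: the PFX import password is exported as PFX_PASS (a name
# chosen for this sketch) so it never appears in argv or shell history.

# pem_pair_matches KEY CRT -> 0 if the certificate's public key belongs to KEY
pem_pair_matches() {
    local key_pub crt_pub
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# pfx_to_tls_pem PFX OUTDIR -> writes OUTDIR/tls.key and OUTDIR/tls.crt
pfx_to_tls_pem() {
    local pfx="$1" out="$2"
    [ -r "$pfx" ] && [ -n "${PFX_PASS:-}" ] ||
        { echo "need a readable PFX and an exported PFX_PASS" >&2; return 2; }
    (
        umask 077                       # private key readable by owner only
        mkdir -p "$out" || exit 1
        # -nodes: write the key unencrypted, as the first answer does with
        # `openssl rsa`. Piping through pkey/x509 strips "Bag Attributes".
        openssl pkcs12 -in "$pfx" -nocerts -nodes -passin env:PFX_PASS 2>/dev/null |
            openssl pkey -out "$out/tls.key" 2>/dev/null || exit 1
        # -clcerts: leaf certificate only (no chain).
        openssl pkcs12 -in "$pfx" -clcerts -nokeys -passin env:PFX_PASS 2>/dev/null |
            openssl x509 -out "$out/tls.crt" 2>/dev/null || exit 1
    ) || { echo "extraction failed (wrong password or unreadable PFX?)" >&2; return 1; }
    pem_pair_matches "$out/tls.key" "$out/tls.crt" ||
        { echo "certificate does not match private key" >&2; return 1; }
}
```

After a successful run, the two files can be passed to kubectl create secret tls with --key and --cert exactly as in the question's second command. The decrypted key should be deleted once the secret exists.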
2

Kubernetes v1.20 - you can create a TLS secret imperatively:

Syntax:

kubectl create secret (command) (secret-name) (namespace) (cert) (key)

Example:

kubectl create secret tls webhook-server-tls --namespace webhook-demo --cert /root/keys/webhook-server-tls.crt --key /root/keys/webhook-server-tls.key
Antoine
Yajnas