
Ingress + LetsEncrypt


Setting up Ingress with SSL termination can feel like a daunting task, especially with the plethora of tutorials out there that leave you hanging.

In this exercise we will deploy an ingress-controller along with cert-manager using simple specs and `make install`.


This scenario requires two moving parts:

  1. an Ingress Controller
  2. Cert Manager

The Ingress Controller is basically one or more nginx pods running a reverse proxy that maps a hostname (with or without a path) to a specific service.

We tell the Ingress Controller about our mapping with an Ingress Resource. Within this Ingress Resource we specify the hostname(s) and path(s) along with which "secret" to use for SSL decryption.

Cert Manager comes into the picture when we want to have automation for generating (and renewing) certificates from LetsEncrypt. This entire process is abstracted away by using the Cert Manager pod and its Certificate Resource.
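
How the two resources fit together, as an added example that is not taken from the repositories used in this post: the Ingress names a TLS secret, and the Certificate tells Cert Manager to create and renew that same secret. The hostname, service, secret and issuer names are placeholders, and the manifests assume the `networking.k8s.io/v1` and `cert-manager.io/v1` APIs (older cert-manager releases used a different API group), an ingress class named `nginx`, and a ClusterIssuer that already exists.

```yaml
# Added example: every name below is a placeholder, not a value from the post's repositories.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: somehost-com
  namespace: default
spec:
  ingressClassName: nginx            # assumption: the controller's IngressClass is named "nginx"
  tls:
    - hosts:
        - somehost.com
      secretName: somehost-com-tls   # must be in the same namespace as this Ingress
  rules:
    - host: somehost.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: some-service   # the Service that receives the decrypted traffic
                port:
                  number: 8080
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: somehost-com
  namespace: default
spec:
  secretName: somehost-com-tls       # same Secret the Ingress references above
  dnsNames:
    - somehost.com                   # DNS must already point at the load balancer IP
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-prod           # hypothetical issuer name; it must already exist
```

Cert Manager generates the private key inside the cluster and stores it in that Secret, so RBAC read access to Secrets in the namespace is what protects the key.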

Getting Started

We need to clone two GitHub repositories which will help speed things up.

Prior to getting started, I recommend that you acquire a static IP address and then point your DNS hostname(s) to it.

Reserving a Static IP Address with Google Cloud Platform

gcloud compute addresses create [ADDRESS_NAME] \
    [--region [REGION] | --global ] \
    [--ip-version [IPV4 | IPV6]]

Setup cert-manager

$ git clone https://github.com/mateothegreat/k8-byexamples-cert-manager
$ cd k8-byexamples-cert-manager
$ git submodule update --init
$ make install

Setup ingress-controller

After you've provisioned a static IP address you can pass it to the make install command below:

$ git clone https://github.com/mateothegreat/k8-byexamples-ingress-controller
$ cd k8-byexamples-ingress-controller
$ git submodule update --init
$ make install LOADBALANCER_IP=<ip address from above>

Issue new Ingress

You can issue as many ingress resources as you need. Simply use the command below which will create the Ingress + Certificate Request resources for you automatically:

make issue HOST=<somehost.com> SERVICE_NAME=<some service> SERVICE_PORT=<service port>

Troubleshooting Ingress Controller

You can see the current configuration that has been generated by running:

$ kubectl exec <ingress pod name> -- nginx -T

This will output the entire configuration that has been loaded into memory.

Source code repositories used in this exercise:

Matthew Davis

Published 4 years ago