10-23, 17:00–17:30 (US/Eastern), Side Room
You’re deploying a project with a Kubernetes service that can be accessed using port-forward, or through an external IP by using the LoadBalancer service type. But when it’s time to deploy the project into production, the documentation doesn’t explain how to set up TLS. Now what?
Cert-manager to the rescue! Cert-manager makes it easy to generate a TLS certificate, which can be used to enable HTTPS (secure HTTP) access to an application. During this presentation and live demo, Onkar will show attendees how to:
Install cert-manager
Deploy a certificate issuer using “Let's Encrypt” and a DNS-01 resolver
Provision a TLS certificate using cert-manager and the certificate issuer
Create DNS records to map a domain name to the application's external IP addresses
Deploy an application with the TLS certificate and demo how to access the application using HTTPS on a browser
The audience will walk away with a concrete set of steps for deploying their application with TLS, so it can be accessed using HTTPS.
We deploy Kubernetes clusters in our CI/CD pipeline on a daily basis. In order to build a cloud native product that’s ready for production environments, the applications we deploy within the clusters must have TLS enabled, so that the product can be tested against them. Certificates are typically generated and renewed only occasionally, so very few people in an organization possess the necessary expertise. Sometimes a certificate expires right before a product release, and the certificate management/renewal process must be quickly re-learned to unblock the pipeline. Understanding how to use cert-manager will benefit anyone in the Kubernetes community who may face such a challenge.
Although cert-manager has been covered in a previous KubeCon presentation, no demos were presented. During this presentation, Onkar will provide an end-to-end demo for a specific use, and take the discussion further by covering the DNS-01 resolver and the creation of DNS records.
Onkar Bhat is an Engineering Manager at Kasten by Veeam. His focus has been in the areas of Authentication, Role-based Access Control (RBAC), APIs, monitoring and multi-cluster management for the purpose of cloud native data protection. He has previously worked in the areas of data protection, networking and security at Big Switch Networks, NetApp and Cisco Systems. Onkar received his MS in Information Networking from Carnegie Mellon University.