Secure K8s Application with Free Let’s Encrypt SSL/TLS Cert using Cert Manager

Introduction

Nginx Ingress is an open-source Kubernetes Ingress controller that uses Nginx as a reverse proxy to manage and route external traffic to services within a Kubernetes cluster. In Kubernetes, an Ingress is an API object that provides HTTP and HTTPS routing to services based on rules. In other words, it acts as an entry point for external traffic to reach services deployed in the Kubernetes cluster.

Step 1: Install Cert-Manager

To configure Let’s Encrypt SSL with Nginx Ingress in Kubernetes, you’ll need cert-manager, which automates the issuance and management of TLS certificates. Install it by applying the release manifest:

kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.5.3/cert-manager.yaml

Step 2: Creating ClusterIssuer or Issuer

A ClusterIssuer is a cluster-wide resource, while an Issuer is namespace-specific. Choose the one that fits your needs. The example below uses a ClusterIssuer. Create a file named letsencrypt-cluster-issuer.yaml:

nano letsencrypt-cluster-issuer.yaml

Paste the following code.

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: your-email@example.com
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
      - http01:
          ingress:
            class: nginx

Replace your-email@example.com with your email address.

Step 3: Apply the ClusterIssuer

Deploy the ClusterIssuer with the following command:

kubectl apply -f letsencrypt-cluster-issuer.yaml

Step 4: Update Ingress Resource for SSL

Modify your existing Ingress resource to include TLS settings. Create or update your Ingress resource with the following changes:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: sample-ingress
  namespace: default
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  tls:
  - hosts:
    - example.com
    secretName: sample-ingress-tls
  rules:
  - host: example.com
    http:
      paths:
      - path: /app
        pathType: Prefix
        backend:
          service:
            name: app-service
            port:
              number: 80

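The tls section specifies the domain (example.com) and the secretName of the Secret that holds the TLS certificate. The cert-manager.io/cluster-issuer annotation tells cert-manager to request that certificate from the letsencrypt-prod ClusterIssuer.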

Step 5: Apply the updated Ingress resource

Apply the updated Ingress resource with the following command:

kubectl apply -f your-updated-ingress.yaml

Step 6: Verify Certificate Issuance

Monitor the status of the certificate issuance:

kubectl get certificates -n default

Once the certificate is ready, it should have a status of Ready: True.
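
The check below goes further than the Ready column. It is an added example, not part of the original article: it reads the JSON from kubectl get certificate sample-ingress-tls -n default -o json and reports a wrong issuer, a missing host, a failed Ready condition or a near expiry. It assumes the Certificate is named after the secretName in Step 4; the function name, the sample JSON and the 15-day threshold are constructed for illustration.

```python
import json
import sys
from datetime import datetime, timezone

# Constructed sample of `kubectl get certificate sample-ingress-tls -n default -o json`,
# trimmed to the fields read below; the timestamp is made up.
SAMPLE_READY = json.loads("""
{
  "metadata": {"name": "sample-ingress-tls", "namespace": "default"},
  "spec": {
    "secretName": "sample-ingress-tls",
    "dnsNames": ["example.com"],
    "issuerRef": {"kind": "ClusterIssuer", "name": "letsencrypt-prod"}
  },
  "status": {
    "conditions": [
      {"type": "Ready", "status": "True", "reason": "Ready",
       "message": "Certificate is up to date and has not expired"}
    ],
    "notAfter": "2024-06-01T00:00:00Z"
  }
}
""")

def check_certificate(cert, expected_issuer, expected_host, now, min_days=15):
    """Return a list of problems found in a cert-manager Certificate object."""
    problems = []
    spec, status = cert.get("spec", {}), cert.get("status", {})
    ref = spec.get("issuerRef", {})
    if ref.get("name") != expected_issuer:
        problems.append(f"issuerRef is {ref.get('name')!r}, expected {expected_issuer!r}")
    if expected_host not in spec.get("dnsNames", []):
        problems.append(f"{expected_host} missing from dnsNames")
    ready = next((c for c in status.get("conditions", []) if c.get("type") == "Ready"), None)
    if ready is None:
        problems.append("no Ready condition yet (issuance has not been evaluated)")
    elif ready.get("status") != "True":
        problems.append(f"not ready: {ready.get('reason')}: {ready.get('message')}")
    not_after = status.get("notAfter")
    if not_after:  # min_days is an assumed alert threshold, not a cert-manager setting
        expiry = datetime.strptime(not_after, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        days_left = (expiry - now).days
        if days_left < min_days:
            problems.append(f"expires in {days_left} days (renewal may be failing)")
    return problems

if __name__ == "__main__":  # pipe the kubectl JSON output into this script
    found = check_certificate(json.load(sys.stdin), "letsencrypt-prod", "example.com", datetime.now(timezone.utc))
    print("\n".join(found) or "certificate OK")
    sys.exit(1 if found else 0)
```

The script exits non-zero when it finds a problem, so it can gate a deployment pipeline or run as a scheduled check.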

Step 7: Access Your Application over HTTPS

Once the certificate is issued and ready, you should be able to access your application over HTTPS.

That’s it! You’ve configured Let’s Encrypt SSL with Nginx Ingress using cert-manager in Kubernetes. Remember to replace example.com and your-email@example.com with your actual domain and email address.

Conclusion

We have successfully deployed and configured SSL for a Kubernetes application. If you still have questions, please post them in the comments section below.
