Securing Kubernetes Ingress With Let’s Encrypt

Рет қаралды 16,572

2 жыл бұрын

Ready to take that cluster into production? Is it secured?
Learn how to install and configure the Kubernetes Ingress NGINX Controller and connect it with cert-manager to generate TLS certificates using Let's Encrypt. Setting up Ingress and TLS termination ensures that traffic from the internet into your cluster is encrypted, an essential step for a Kubernetes clusters serving in production.
What You'll Learn
- Installing and configuring the Kubernetes NGINX Ingress Controller
- Setting up cert-manager to automatically generate and rotate TLS certificates from Let’s Encrypt
- How to test that TLS termination is working
Presented By

Kim Schlesinger, Developer Advocate, DigitalOcean
Join us live, or register to get the recording after it airs:
do.co/3t8AwoV
- - - - - - - - - -
New to DigitalOcean? Get US $100 in credit when you sign up: do.co/build
Learn and gain inspiration with DigitalOcean Tech Talks: www.digitalocean.com/communit...
Subscribe to the DigitalOcean KZbin channel:
/ digitalocean
Write for DOnations - Share your knowledge and get paid, while supporting tech-focused nonprofits and charities:
www.digitalocean.com/communit...
- - - - - - - - - -
About DigitalOcean
The DigitalOcean Developer Cloud™ simplifies modern app creation for new generations of developers working independently, at tech startups, and within small-to-medium sized businesses around the world.
To learn more about DigitalOcean: www.digitalocean.com/
Follow us on Twitter: / digitalocean
Like us on Facebook: / digitalocean
Follow us on Instagram: / thedigitalo. .
We're hiring: grnh.se/aicoph1
#DOTechTalks #DigitalOcean

Пікірлер: 25

@master2466 Жыл бұрын

This is how the demo should be. She explains everything in clear details, no show off or cryptic talk like some or hiding the real details. She is clearly enjoying the talk and not worried about anything. Well done. Can't parise enough

@eightdeekay 2 жыл бұрын

This video made clear how ingress and cert-manager work that's been baffling me for quite a while. Thank you!

@anishsinha1708 Жыл бұрын

From the bottom of my heart, thank you so much Kim and DigitalOcean. This tutorial is so unbelievably high quality and really helped me set up K8S for my company.

@jdogstersc Жыл бұрын

Kim you are amazing. Thank you so much for the help!!

@Boriu Жыл бұрын

Thank you so much Kim for this wonderfull lesson!!

@user-sm1sd6uw5o Жыл бұрын

Thank you so much for this video. It's very helpful.

@sergiovelazquez958 11 ай бұрын

Excellent video. It was very helpfully. Congratulations

@saikrishnajonnala9290 5 ай бұрын

Thank you very much Kim🎉

@Brocollipy Жыл бұрын

Thanks so much for this video, really great job. I had a setup in the "Day 1" zone and hoped for a quickie solution to get https... of course there wasn't one. Eventually worked through all my kinks after about 20hrs. If any one has trouble getting stuck at the Pending certificate phase there's a fix by going to a DO summary called "How to Set Up an Nginx Ingress with Cert-Manager on DigitalOcean Kubernetes" and go to Part 5. This is to allow the pods to be able to run the acme auth link.

@DigitalOcean Жыл бұрын

And here's that link if anyone runs into similar issues and needs to follow the same steps www.digitalocean.com/community/tutorials/how-to-set-up-an-nginx-ingress-with-cert-manager-on-digitalocean-kubernetes#step-5-enabling-pod-communication-through-the-load-balancer-optional

@alfredorivera7038 Жыл бұрын

finally my ingress works!! thank you

@muhamadkomarhidayat6213 Ай бұрын

thank you so much i really appreciate it, already subscribe and like, even i use gcp for now

@vitusyu9583 4 ай бұрын

Just watched your video. Very informative. Would you tell me where to find the coming schedule of online sessions?

@unknownhero6187 2 жыл бұрын

How does actually a Digital Ocean Load Balancer implemented? Is it Nginx or Istio? Is it l4 or l7 load balancer?

@Ecolariat 7 ай бұрын

Great Video! Thank you - got everything up and running. One question - how do you remove the comments in code . ? I've been manually deleting, what shortcut keys did you use in the video to remove them?

@ignacio6655 Жыл бұрын

This was an excellent tutorial, many thanks. I would like to ask something, in the ingress.yaml you set the port number to 8080, when actually the service runs on port 80. It was fixed in the GitHub repo as well. My question is: why did it work if the service was only listening to port 80? I have tried both ports 80 and 8080 and work. I cannot find an explanation for this, maybe because port 80 and 8080 are treated by k8s as the same port? Thanks!

@DigitalOcean Жыл бұрын

Hi Ignacio, That is a great question. It also shows that you have watched the tutorial with an eagle eye. Kudos! Here is the explanation: No, Kubernetes is not treating 80 and 8080 as the same ports. Here is why it worked in both cases, First scenario: In the echo_service.yaml, the service port 80 was mapped to targetPort 8080. In the ingress.yaml we had the backend service port to 80. When you try to reach the URL, let’s say echo.domain.com, it gets routed to :8080 Second scenario: In the echo_service.yaml, the service port 80 was mapped to targetPort 8080. In the ingress.yaml we had the backend service port to 8080. When you try to reach the URL, let’s say echo.domain.com, you are directly accessing the :8080 It is not a good practice to use the containerPort in the ingress.yaml (aka second scenario). If you want to inspect further, you can describe the ingress resource in both scenarios and you will see the backend endpoints. `kubectl describe ingress ingress-echo -n backend` If you want to go a bit further, you can inspect the logs of the ingress-nginx/ingress-nginx-controller We hope to have clarified your doubt :)

@unknownhero6187 2 жыл бұрын

Thank you for the excellent tutorial! Could you please explain why we need a Digital Ocean Load Balancer in front of our k8s cluster? Can't the Nginx ingress controller handle it on its own?

@DigitalOcean 2 жыл бұрын

Hey UnknownHero! We saw both your comments, so here are answers to both: We need the DigitalOcean load balancer because it creates a static IP address that we can map to our domain name. We then pass the traffic from the DO load balancer to the nginx controller which sends the traffic to our Kubernetes services, which directs traffic to individual pods. The DO load balancer works at layer 4, while the nginx controller works at layer 7. Our friends at Ambassador Labs have a great explainer covering Kubernetes Networking. Check it out! www.getambassador.io/docs/emissary/latest/topics/concepts/kubernetes-network-architecture/

@unknownhero6187 2 жыл бұрын

@@DigitalOcean Thanks!

@unknownhero6187 2 жыл бұрын

@@DigitalOcean but have you written the source code of the load balancer on your own? Or you have used some open source technologies?

@painoj1 2 жыл бұрын

@@unknownhero6187 when you install ingress-nginx controller and set the "type" as loadbalancer (opposed to nodeIP/clusterIP), digitalocean, linode and other kubernetes providers will create a loadbalancer that automatically balances between the kubernetes nodes (at an additional cost)