An Introduction to Kube-Lego

•

1 like•2,238 views

Kube-Lego is an open source tool that automates certificate provisioning for Kubernetes using the ACME protocol and Let's Encrypt. It uses ingress resources and controllers to request and renew SSL/TLS certificates and configure services with HTTPS. Kube-Lego monitors ingress resources for changes and requests certificates from an ACME server by completing challenges, then deploys the certificates to ingress controllers like Nginx to secure services. Future work may include improved failure handling, configuring certificate options, and supporting additional ACME challenges.

Software

Kube-Lego
Automated certificate provisioning for Kubernetes using ACME
https://github.com/jetstack/kube-lego
@JetstackHQ
Image: (CC BY-SA 4.0) Arto Alanenpää

● ACME Protocol
● Ingress Resources & Controllers
● Kube-Lego Flow
● Demo
● Kube-Lego Roadmap
Agenda

@ DNS admins in the audience, please point any hostname via
a CNAME record to:
kube-lego.jetstack.io
and tweet the hostname @jetstackhq
Demo Preparation

ACME / Let’s Encrypt Protocol
● Well defined Protocol for interacting with a CA
● Supports different challenges
○ HTTP
○ DNS
○ TLS-SNI
○ Proof of possession of a prior key
● User account
● Maximum certificate lifetime 90 days
Automated Certificate Management Environment

Ingress-Controller
Resource
spec:
rules:
- host: foo.bar.com
http:
paths:
- backend:
serviceName: s1
servicePort: 80
- host: bar.foo.com
http:
paths:
- backend:
serviceName: s2
servicePort: 80
● More advanced than services
● Not implemented in tree
● L4 - L7

Ingress-Controller
Nginx
● Runs inside your cluster
● Exposed through services (typically type=LoadBalancer)
● Listens to changes of Ingress resources via K8S-API
=> writes out nginx.conf and reloads nginx
● Custom configuration easily possible
○ Basic Auth
○ HSTS
○ LDAP Auth

Ingress-Controller
Google Cloud Engine Load Balancers
● L7 Load Balancing as a service
● Depending on features of GCE Forwarding Rules
● Ingress controller watches changes in K8S API and configures
GCE accordingly
● One ingress object equals one Load Balancer in K8S
● Servics need to be of type=NodePort

Ingress-Controller
Use different Ingress controllers
● Selection of the right controller using
annotation:
kubernetes.io/ingress.class:
"nginx"
kubernetes.io/ingress.class: "gce"
● Same ingress configuration is handled differently on GCE vs.
NGINX
○ Paths / vs. /*
○ Order of backends
○ Aggregation of multiple resources vs. isolated instances

Future Work / Roadmap
Kube-Lego roadmap
● Better failure handling (marking requests as permanent failed)
● Specify namespaces to watch
● Configure key length and algorithm
● Support TLS-SNI challenge
● Revoke certificates after they have been replaced

Further Information
christian@jetstack.io
github.com/jetstack/kube-lego
@JetstackHQ
Christian Simon

What's hot

Micro services infrastructure with AWS and Ansible

Bamdad Dashtban

Koop: Using 3rd Party Services in ArcGIS

Daniel Fenton

Kubernetes on aws

Yousun Jeong

DevOps in AWS with Kubernetes

Oleg Chunikhin

Wanting distributed volumes - Experiences with ceph-docker

Ewout Prangsma

Kubernetes CI/CD with Helm

Adnan Abdulhussein

Kubernetes kubecon-roundup

Sebastien Goasguen

Running your dockerized application(s) on AWS Elastic Container Service

Marco Pas

Kubernetes - State of the Union (Q1-2016)

DoiT International

Kubernetes on AWS

Grant Ellis

Docker for Fun and Profit

Kel Cecil

Continuous Deployment with Jenkins on Kubernetes

Matt Baldwin

In this talk , we’ll cover how and why Ansible was leveraged to automate routine management of EC2 instances/EBS/EIP/ELB etc and why the Ansible approach towards automation is key for code and system deployments across 100’s of nodes and how we achieved this at Webengage. We will provide an overview of the deployment process and give a demonstration as an example Outlines : How ansible is a straightforward , easy way to manage multiple cloud resources Intended Audience : Previous experience with configuration management systems Previous experience with AWS and Ansible

Automating aws infrastructure and code deployments using Ansible @WebEngage

Vishal Uderani

reInvent 2021 Recap and k9s review

Faheem Memon

Kubernetes 101 Workshop

Vishal Biyani

Adventures in docker compose

LinkMe Srl

Continuous integration with Docker and Ansible

Dmytro Slupytskyi

Kubernetes Introduction

Martin Danielsson

New Relic went all-in with Docker very early, and has continued to stay on the forefront of the container ecosystem, both as a user of the technology and as a monitoring and analytics vendor. Today, a variety of teams utilize Docker in a variety of ways using a mix of home-grown and external OSS frameworks. The Container Fabric team is working on our next generation container platform utilizing Mesos/Marathon and a variety of other OSS tools, like Heka. We will briefly review our setup, and then discuss how we gather data that we care about from the ecosystem and inject it into the various tools we rely on for visibility and analytics. We love the functionality of what we’ve built, and we believe that you will find it useful too.

Monitoring Containers at New Relic by Sean Kane

Docker, Inc.

Container Orchestration using Kubernetes

Hesham Amin

What's hot (20)

Micro services infrastructure with AWS and Ansible

Koop: Using 3rd Party Services in ArcGIS

Kubernetes on aws

DevOps in AWS with Kubernetes

Wanting distributed volumes - Experiences with ceph-docker

Kubernetes CI/CD with Helm

Kubernetes kubecon-roundup

Running your dockerized application(s) on AWS Elastic Container Service

Kubernetes - State of the Union (Q1-2016)

Kubernetes on AWS

Docker for Fun and Profit

Continuous Deployment with Jenkins on Kubernetes

Automating aws infrastructure and code deployments using Ansible @WebEngage

reInvent 2021 Recap and k9s review

Kubernetes 101 Workshop

Adventures in docker compose

Continuous integration with Docker and Ansible

Kubernetes Introduction

Monitoring Containers at New Relic by Sean Kane

Container Orchestration using Kubernetes

Similar to An Introduction to Kube-Lego

Kubernetes at (Organizational) Scale

Jeff Zellner

Container orchestration and microservices world

Karol Chrapek

Kubernetes is trendy. There are tons of presentations on how companies saved lots of money by migrating to Kubernetes. Kubernetes is mostly advertised as a cloud service, but there are companies that can't or don't want to migrate their services to the cloud. For them there are solutions to set up Kubernetes on premise. Before you decide to visit that land, I must warn you: there are demons waiting for you, demons that nobody speaks about in public...

JDO 2019: What you should be aware of before setting up kubernetes on premise...

PROIDEA

IoT Secure Bootsrapping : ideas

Jean-Baptiste Trystram

Altitude San Francisco 2018: Bringing TLS to GitHub Pages

Fastly

Load Balancing in the Cloud using Nginx & Kubernetes

Lee Calcote

Metal-k8s presentation by Julien Girardin @ Paris Kubernetes Meetup

Laure Vergeron

Kubernetes is a container management platform and empowers the scalability to the container. In this repository, we address the issues of how to use Kubernetes with real cases. We start from the basic objects in Kubernetes, Pods, deployments, and Services. This repository is also a tutorial for those with advanced containerization skills trying to step into the Kubernetes. We also provide several YAML examples for those looking for quickly deploying services. Please enjoy it and let's start the journey to Kubernetes.

Kubernetes Basis: Pods, Deployments, and Services

Jian-Kai Wang

Docker Enterprise Workshop - Technical

Patrick Chanezon

Now that we have passed “peak orchestrator” and as Kubernetes eats the world, we are left wondering: how secure is Kubernetes? Can we really run Google-style multi tenanted infrastructure safely? And how can we be sure what we configured yesterday will be in place tomorrow? In this talk we discuss: - the Kubernetes security landscape - risks, security models, and configuration best-practices - how to configure users and applications with least-privilege - how to isolate and segregate workloads and networks - hard and soft multi-tenancy - Continuous Security approaches to Kubernetes.

DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security

DevOpsDays Riga

Introduction to kubernetes

Rishabh Indoria

Extending kubernetes

Gigi Sayfan

In this webinar we discuss new features in NGINX Plus R15, which includes support for gRPC, HTTP/2 Server Push, enhanced clustering, and OpenID Connect SSO integration. Watch this webinar to learn: - About new HTTP/2 enhancements: gRPC and HTTP/2 server push support - About new state sharing and clustering support in NGINX Plus, with support for Sticky Learn session persistence - How to integrate with Okta, OneLogin, and other identity providers to provide single sign on (SSO) for your applications - How to initiate subrequests with the NGINX JavaScript module, new variables, and other great new enhancements in this release https://www.nginx.com/resources/webinars/whats-new-nginx-plus-r15/

What’s New in NGINX Plus R15?

NGINX, Inc.

Ports, pods and proxies

LibbySchulze

What’s New in NGINX Plus R15? - EMEA

NGINX, Inc.

网易云K8S应用实践 | practices for kubernetes cluster provisioning, management and ap...

Xiaohui Chen

[GS네오텍] Google Kubernetes Engine

GS Neotek

Docker on docker leveraging kubernetes in docker ee

Docker, Inc.

K8s hard-way on DigitalOcean

CloudYuga

Kubernetes is designed to be an extensible system. But what is the vision for Kubernetes Extensibility? Do you know the difference between webhooks and cloud providers, or between CRI, CSI, and CNI? In this talk we will explore what extension points exist, how they have evolved, and how to use them to make the system do new and interesting things. We’ll give our vision for how they will probably evolve in the future, and talk about the sorts of things we expect the broader Kubernetes ecosystem to build with them.

Kubernetes extensibility

Docker, Inc.

Similar to An Introduction to Kube-Lego (20)

Kubernetes at (Organizational) Scale

Container orchestration and microservices world

JDO 2019: What you should be aware of before setting up kubernetes on premise...

IoT Secure Bootsrapping : ideas

Altitude San Francisco 2018: Bringing TLS to GitHub Pages

Load Balancing in the Cloud using Nginx & Kubernetes

Metal-k8s presentation by Julien Girardin @ Paris Kubernetes Meetup

Kubernetes Basis: Pods, Deployments, and Services

Docker Enterprise Workshop - Technical

DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security

Introduction to kubernetes

Extending kubernetes

What’s New in NGINX Plus R15?

Ports, pods and proxies

What’s New in NGINX Plus R15? - EMEA

网易云K8S应用实践 | practices for kubernetes cluster provisioning, management and ap...

[GS네오텍] Google Kubernetes Engine

Docker on docker leveraging kubernetes in docker ee

K8s hard-way on DigitalOcean

Kubernetes extensibility

Recently uploaded

WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation

WSO2

Craft an AI & Machine Learning Pitch with our Editable Professional PowerPoint Template. Ignite your AI & Machine Learning pitch with our cutting-edge PowerPoint template tailored for the industry. Perfect for AI conferences, investor presentations, sales pitches to tech-focused companies, training sessions, and educational programs. - 20+ editable slides: Get a variety of options to choose from for your presentation. - Time-saving solution: Download, replace text/images with a few clicks. - User-friendly customization: Easy to use and personalize. - Modern and attractive design: Captivating visuals, sleek layout. - Tailored to your requirements: Fully alterable for customization. - Well-organized slides: Complete control over content. - Thematic specificity: Reflects healthcare industry with relevant graphics. - Showcase your business idea: Communicate value proposition effectively.

AI & Machine Learning Presentation Template

Presentation.STUDIO

%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview

masabamasaba

%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg

masabamasaba

WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...

WSO2

We specialize in Psychic Readings, Psychic Love Spells, Binding Love Spells, Obsession Spells, Voodoo Spells, Lottery Spells, Marriage Spells, Black Magic Spells, Palm Readings & much more. Are you depressed? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? Do u need to solve any relationship problem? Contact the powerful spells caster chief kule with love spells that work overnight and love spells that really work. Have you found yourself infatuated with a special someone you think could be the one? Are you looking for a spell to provide them with a nudge in the right direction? Or maybe the spell you cast didn’t achieve the results you were hoping for? Whether you’re new or versed in the ways of spell casting, we’re here to help. Today we’re going to provide you with a detailed guide on the types of love spells to cast. Not only that but there’s something for those who wish to find outside advice from more advanced spell casters. We’re also going to provide you with the top sites available to help you with your dilemma. Let’s begin our journey by educating ourselves on love magic and what a real love caster looks like. Love Magic and Love Casters Love magic made its first appearance back in Ancient Egypt and has been an active practice since. This type of magic is a branch of traditional magic and can be practiced in various ways. Typically the more common use of love magic is through the work of spells, but other methods look like Charms Rituals-LOVE Potions-Dolls and even Amulets If you are interested in becoming a love caster, be prepared for what’s to come. A genuine love caster knows that the art of love casting is no easy feat and shouldn’t be done casually. You should know that not only does it require you to be gifted spiritually, but you must be ready to serve others. Someone who is considered a real love caster has experience in all manner of spells, no matter the difficulty. Training yourself in attraction, commitment, and marriage spells is an excellent place to start. But this by no means will make you a professional. Practice your craft and expand your knowledge; understand that you will possess the ability to help others in time truly. Types of Love Spells What better way to start broadening your experiences with love spells than by learning more about them? These spells work like just about any other spell. Simply apply your intention, use a medium (sigils, mantras, candles, or charm bags), and top it off with establishing the belief that you will receive what you want. So what kind of spells are available and which ones suit your needs the best? Let’s take a look at the many options you have at your disposal

%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...

masabamasaba

Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pretoria ● Abortion Pills For Sale In Pretoria ● Pretoria 🏥🚑!! Abortion Clinic Near Me Cost, Price, Women's Clinic Near Me, Abortion Clinic Near, Abortion Doctors Near me, Abortion Services Near Me, Abortion Pills Over The Counter, Abortion Pill Doctors' Offices, Abortion Clinics, Abortion Places Near Me, Cheap Abortion Places Near Me, Medical Abortion & Surgical Abortion, approved cyctotec pills and womb cleaning pills too plus all the instructions needed This Discrete women’s Termination Clinic offers same day services that are safe and pain free, we use approved pills and we clean the womb so that no side effects are present. Our main goal is that of preventing unintended pregnancies and unwanted births every day to enable more women to have children by choice, not chance. We offer Terminations by Pill and The Morning After Pill.” Our Private VIP Abortion Service offers the ultimate in privacy, efficiency and discretion. we do safe and same day termination and we do also womb cleaning as well its done from 1 week up to 28 weeks. We do delivery of our services world wide SAFE ABORTION CLINICS/PILLS ON SALE WE DO DELIVERY OF PILLS ALSO Abortion clinic at very low costs, 100% Guaranteed and it’s safe, pain free and a same day service. It Is A 45 Minutes Procedure, we use tested abortion pills and we do womb cleaning as well. Alternatively the medical abortion pill and womb cleansing !!!

Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...

Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg

In today's dynamic e-commerce landscape, the payment gateway emerges as a linchpin, ensuring smooth and secure transactions between buyers and sellers. In this discourse, we delve into the meticulous process of devising test cases tailored for scrutinizing payment gateways. Crafting precise test cases for payment gateways is a quintessential responsibility for testers operating within the service industry. This article meticulously explores pivotal scenarios integral to how to test payment gateways, coupled with essential guidelines for drafting effective test cases.

Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf

kalichargn70th171

%in Harare+277-882-255-28 abortion pills for sale in Harare

masabamasaba

%in kempton park+277-882-255-28 abortion pills for sale in kempton park

masabamasaba

+971565801893 Mtp-Kit (500MG) Prices » Dubai [(+971565801893**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Leen Whatsapp +971565801893 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971565801893''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971565801893' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Clinic in Abu Dhabi, United Arab Emirates.+971565801893

+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...

Health

Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in Tembisa ● Abortion Pills For Sale in Tembisa ● Tembisa 🏥🚑!! Abortion Clinic Near Me Cost, Price, Women's Clinic Near Me, Abortion Clinic Near, Abortion Doctors Near me, Abortion Services Near Me, Abortion Pills Over The Counter, Abortion Pill Doctors' Offices, Abortion Clinics, Abortion Places Near Me, Cheap Abortion Places Near Me, Medical Abortion & Surgical Abortion, approved cyctotec pills and womb cleaning pills too plus all the instructions needed This Discrete women’s Termination Clinic offers same day services that are safe and pain free, we use approved pills and we clean the womb so that no side effects are present. Our main goal is that of preventing unintended pregnancies and unwanted births every day to enable more women to have children by choice, not chance. We offer Terminations by Pill and The Morning After Pill.” Our Private VIP Abortion Service offers the ultimate in privacy, efficiency and discretion. we do safe and same day termination and we do also womb cleaning as well its done from 1 week up to 28 weeks. We do delivery of our services world wide SAFE ABORTION CLINICS/PILLS ON SALE WE DO DELIVERY OF PILLS ALSO Abortion clinic at very low costs, 100% Guaranteed and it’s safe, pain free and a same day service. It Is A 45 Minutes Procedure, we use tested abortion pills and we do womb cleaning as well. Alternatively the medical abortion pill and womb cleansing !!!

Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...

Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg

ADR, or Architecture Decision Record, is a valuable tool in software development for several reasons. It provides a centralized location for documenting and tracking architectural decisions, aiding both current and future team members. ADRs enhance communication among team members by documenting the rationale behind architectural decisions, especially beneficial during onboarding of new team members or when revisiting decisions. They serve as a knowledge base, enabling teams to learn from past decisions and refine their decision-making process. Additionally, ADRs contribute to transparency by helping stakeholders understand the reasons behind specific architectural choices. As with any other tool or process, introducing them into an organization can face several obstacles, and overcoming these challenges is crucial for successful implementation. In this talk I go through some common problems and our way of solving them.

Architecture decision records - How not to get lost in the past

Papp Krisztián

%in Soweto+277-882-255-28 abortion pills for sale in soweto

masabamasaba

WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...

WSO2

%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain

masabamasaba

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...

Shane Coughlan

WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...

WSO2

Investing in AI transformation today The modern business advantage: Uncovering deep insights with AI Organizations around the world have come to recognize AI as the transformative technology that enables them to gain real business advantage. AI’s ability to organize vast quantities of data allows those who implement it to uncover deep business insights, augment human expertise, drive operational efficiency, transform their products, and better serve their customers

Microsoft AI Transformation Partner Playbook.pdf

Willy Marroquin (WillyDevNET)

%in tembisa+277-882-255-28 abortion pills for sale in tembisa

masabamasaba

Recently uploaded (20)

WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation

AI & Machine Learning Presentation Template

%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview

%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg

WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...

%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...

Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...

Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf

%in Harare+277-882-255-28 abortion pills for sale in Harare

%in kempton park+277-882-255-28 abortion pills for sale in kempton park

+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...

Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...

Architecture decision records - How not to get lost in the past

%in Soweto+277-882-255-28 abortion pills for sale in soweto

WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...

%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...

WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...

Microsoft AI Transformation Partner Playbook.pdf

%in tembisa+277-882-255-28 abortion pills for sale in tembisa

An Introduction to Kube-Lego

1. Kube-Lego Automated certificate provisioning for Kubernetes using ACME https://github.com/jetstack/kube-lego @JetstackHQ Image: (CC BY-SA 4.0) Arto Alanenpää

2. ● ACME Protocol ● Ingress Resources & Controllers ● Kube-Lego Flow ● Demo ● Kube-Lego Roadmap Agenda

3. @ DNS admins in the audience, please point any hostname via a CNAME record to: kube-lego.jetstack.io and tweet the hostname @jetstackhq Demo Preparation

4. ACME / Let’s Encrypt Protocol ● Well defined Protocol for interacting with a CA ● Supports different challenges ○ HTTP ○ DNS ○ TLS-SNI ○ Proof of possession of a prior key ● User account ● Maximum certificate lifetime 90 days Automated Certificate Management Environment

5. Ingress-Controller Resource spec: rules: - host: foo.bar.com http: paths: - backend: serviceName: s1 servicePort: 80 - host: bar.foo.com http: paths: - backend: serviceName: s2 servicePort: 80 ● More advanced than services ● Not implemented in tree ● L4 - L7

6. Ingress-Controller Nginx ● Runs inside your cluster ● Exposed through services (typically type=LoadBalancer) ● Listens to changes of Ingress resources via K8S-API => writes out nginx.conf and reloads nginx ● Custom configuration easily possible ○ Basic Auth ○ HSTS ○ LDAP Auth

7. SSL Report Nginx has A+ Grade rating

8. Ingress-Controller Google Cloud Engine Load Balancers ● L7 Load Balancing as a service ● Depending on features of GCE Forwarding Rules ● Ingress controller watches changes in K8S API and configures GCE accordingly ● One ingress object equals one Load Balancer in K8S ● Servics need to be of type=NodePort

9. Ingress-Controller Use different Ingress controllers ● Selection of the right controller using annotation: kubernetes.io/ingress.class: "nginx" kubernetes.io/ingress.class: "gce" ● Same ingress configuration is handled differently on GCE vs. NGINX ○ Paths / vs. /* ○ Order of backends ○ Aggregation of multiple resources vs. isolated instances

10.

11.

12.

13.

14.

15.

16.

17.

18. Demo

19. Future Work / Roadmap Kube-Lego roadmap ● Better failure handling (marking requests as permanent failed) ● Specify namespaces to watch ● Configure key length and algorithm ● Support TLS-SNI challenge ● Revoke certificates after they have been replaced

20. Further Information christian@jetstack.io github.com/jetstack/kube-lego @JetstackHQ Christian Simon

An Introduction to Kube-Lego

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to An Introduction to Kube-Lego

Similar to An Introduction to Kube-Lego (20)

Recently uploaded

Recently uploaded (20)

An Introduction to Kube-Lego