mattjmcnaughton/personal-k8s

Support and enforce SSL for external services

Closed this issue · 4 comments

Issue
Currently, the only external service I host on Kubernetes (my blog) supports just HTTP connections. I'd like to support, and potentially even force, SSL for all external services I run on Kubernetes.

Implementation
cert-manager appears to be the recommended method for doing this.

Definition of Done

  • https://mattjmcnaughton.com works.
  • NextCloud is exposed on public internet over HTTPS.
  • I have some form of monitoring/alerting on SSL certificate expiration.
  • Blog post.

Also check out https://github.com/kubernetes-incubator/external-dns for managing external DNS and https://kubernetes.github.io/ingress-nginx/ for managing the ingress.

Once we make this change, add authentication to our applications and expose them publicly.

Also, during this migration, we'll ensure that our cluster only ever needs one ELB, and we perform all routing via ingress.