How to fully automate retrieving TLS certificates with Kubernetes


Recently one of my favourite ways to tackle an infrastructure issue has been to write a Kubernetes controller that deals with the issue.

The idea behind a controller in Kubernetes is quite simple. Your Kubernetes API server contains a description of a desired target state. To get to that target state, a set of controllers constantly run reconciliation loops to take care of whatever small bit of that state is their responsibility.

Recently I’ve wanted to have a fully automated way of retrieving TLS certificates from Let’s Encrypt. This seemed like a perfect fit for a Kubernetes controller, so I got to work and am now presenting release 1.2 of the Kubernetes Letsencrypt Controller.

One feature of Let’s Encrypt is their support for DNS-based challenges. To verify your domain ownership you add a specific TXT record which is validated by Let’s Encrypt.

My controller makes use of that feature and currently implements validation support for both Google Cloud DNS and Amazon Route53. Head over to the repository’s README for details on how to set it up.
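How the TXT record for a DNS-based challenge is derived, following RFC 8555 (key authorization) and RFC 7638 (JWK thumbprint). This is an added example, not code from the controller; the account key and token are constructed placeholders, and the function names are this example's own.

```python
import base64
import hashlib
import json

def b64url(data):
    """Base64url without padding, the encoding ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

# Members that enter the thumbprint, per key type (RFC 7638).
# Anything else in the JWK (kid, alg, use, ...) is ignored.
REQUIRED = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}

def jwk_thumbprint(jwk):
    """SHA-256 over the canonical JSON of the required members, sorted by name."""
    members = {name: jwk[name] for name in REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def dns01_record(domain, token, account_jwk):
    """Return (record name, TXT value) that the CA looks up for a dns-01 challenge.

    The value binds the CA's token to the ACME account key, so a record
    published for one account cannot satisfy a challenge issued to another.
    """
    key_authorization = token + "." + jwk_thumbprint(account_jwk)
    value = b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())
    return "_acme-challenge." + domain.rstrip("."), value

# Constructed sample input: not a real key (x and y are not a valid curve point)
# and not a token issued by any CA.
SAMPLE_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": b64url(bytes(range(32))),
    "y": b64url(bytes(range(32, 64))),
}
SAMPLE_TOKEN = "constructed-token-0123456789"

if __name__ == "__main__":
    name, value = dns01_record("www.mydomain.com", SAMPLE_TOKEN, SAMPLE_JWK)
    print(name, "IN TXT", '"' + value + '"')
```

Because the TXT value depends only on the token and the account key, the DNS credentials handed to whatever publishes it need write access to nothing beyond the `_acme-challenge` records.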

Basically the process to get a certificate is now as simple as:

1. Add an annotation acme/certificate: www.mydomain.com to any of your Service resources.

2. Wait a few minutes until you find your certificate in a Secret resource called www-mydomain-com-tls.

That’s it!

This way you don’t have to deal with routing temporary challenge URLs on your webserver or any of that stuff. It just works!
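A sketch of one reconciliation pass for the annotation-to-Secret flow above. This is an added example, not the controller's code: plain dicts stand in for API objects, the cluster state is constructed, the Secret naming rule is generalised from the post's single example, and the hostname check is this example's own assumption.

```python
import re

ANNOTATION = "acme/certificate"  # annotation key from the post

# Conservative hostname check (assumption of this example). The annotation is
# written by anyone who may edit Services, so it is validated before it is
# turned into a Secret name or a DNS record.
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)

def secret_name(domain):
    # Assumed rule: www.mydomain.com -> www-mydomain-com-tls
    return domain.replace(".", "-") + "-tls"

def reconcile(services, secrets):
    """Compare desired state (annotations) with observed state (Secrets).

    Returns (to_issue, rejected); to_issue holds (namespace, domain, secret).
    """
    existing = {(s["namespace"], s["name"]) for s in secrets}
    to_issue, rejected = [], []
    for svc in services:
        raw = svc.get("annotations", {}).get(ANNOTATION)
        if raw is None:
            continue  # Service does not ask for a certificate
        domain = raw.strip().lower()
        if not HOSTNAME.match(domain):
            rejected.append((svc["namespace"], svc["name"], raw))
            continue
        item = (svc["namespace"], domain, secret_name(domain))
        if (item[0], item[2]) not in existing and item not in to_issue:
            to_issue.append(item)
    return to_issue, rejected

# Constructed cluster state.
SERVICES = [
    {"namespace": "web", "name": "frontend", "annotations": {ANNOTATION: "www.mydomain.com"}},
    {"namespace": "web", "name": "api", "annotations": {ANNOTATION: "api.mydomain.com"}},
    {"namespace": "web", "name": "odd", "annotations": {ANNOTATION: "mydomain com"}},
    {"namespace": "web", "name": "internal", "annotations": {}},
]
SECRETS = [{"namespace": "web", "name": "api-mydomain-com-tls"}]

if __name__ == "__main__":
    print(reconcile(SERVICES, SECRETS))
```

Running the pass again after the missing Secret exists returns nothing to issue, which is what lets the loop run continuously without requesting duplicate certificates.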


How the cloud is changing the IT sourcing game


Five years ago, the cloud comprised three components: compute, network, and storage. Hence, when you compared the cloud to legacy hosting arrangements, the main difference was that the cloud operated a pay-per-use/pay-as-you-go model with instant capacity. From a services perspective, it was essentially the same as a virtual environment. Today, the cloud means value-added services on top of the IaaS layer, and there are only three players with a complete offering: Amazon Web Services, Google Cloud Platform, and Microsoft Azure.

The big three cloud players are all solving horizontal IT problems with services ranging from databases and data warehousing to mobile push notifications and IoT solutions. Companies leverage these services to get their products to their customers faster and to reduce project and support costs. New services are also introduced each month, all with the same billing and security framework. Today, all hosting providers are competing simultaneously with AWS, Azure and Google, which creates an element of risk in long-term hosting contracts.

What implication does this have on cloud-sourcing?

It is important to ensure that hosting and cloud sourcing arrangements do not prevent you from leveraging the cloud to the maximum. Traditional outsourcing is often done in a way that creates a deep-frozen environment that responds very slowly to changing business requests, which is why digital transformation quite often starts as shadow IT. Therefore, any cloud RFP should consider a breadth of cloud services, support for DevOps and self-service, separate cost models for capacity and support services, as well as proven capability to increase IT productivity with the cloud.

Additionally, the delivery of commercial software is changing. Increasingly, software is delivered as a service in IaaS, such as an MS SQL server in Azure and Amazon. Cloud vendors also have marketplaces which provide pay-per-hour licensing models for a growing number of ISV software products as preconfigured images. This reduces the cost of buying, as there are no license management or pricing negotiations to worry about, but it requires the IT organisation to ensure the necessary spend controls.

The cloud is changing the IT sourcing game and we’ll be having a series of events that will explore this topic in more detail. If you would like to learn more about cloud-sourcing best practices or our future events, then please contact us and a member of the Nordcloud team will get back to you shortly.
