How to fully automate retrieving TLS certificates with Kubernetes


Recently one of my favourite ways to tackle an infrastructure issue has been to write a Kubernetes controller that deals with the issue.

The idea behind a controller in Kubernetes is quite simple. Your Kubernetes API server contains a description of a desired target state. To get to that target state, a set of controllers constantly run reconciliation loops to take care of whatever small bit of that state is their responsibility.

Recently I’ve wanted to have a fully automated way of retrieving TLS certificates from Let’s Encrypt. This seemed like a perfect fit for a Kubernetes controller, so I got to work and am now presenting release 1.2 of the Kubernetes Letsencrypt Controller.

One feature of Let’s Encrypt is their support for DNS-based challenges. To verify your domain ownership you add a specific TXT record which is validated by Let’s Encrypt.

My controller makes use of that feature and currently implements validation support for both Google Cloud DNS and Amazon Route53. Head over to the repository’s README for details on how to set it up.

Basically the process to get a certificate is now as simple as:

1. Add an annotation acme/certificate: www.mydomain.com to any of your Service resources.
2. Wait a few minutes until you find your certificate in a Secret resource called www-mydomain-com-tls.

That’s it!

This way you don’t have to deal with routing temporary challenge URLs on your webserver or any of that stuff. It just works!

How the cloud is changing the IT sourcing game


Five years ago, the cloud comprised three components: compute, network, and storage. Hence, when you compared the cloud to legacy hosting arrangements, the main difference was that the cloud operated a pay-per-use/pay-as-you-go model with instant capacity. From a services perspective, it was essentially the same as a virtual environment. Today, the cloud means value-added services on top of the IaaS layer, and there are only three players with a complete offering: Amazon Web Services, Google Cloud Platform, and Microsoft Azure.

The big three cloud players are all solving horizontal IT problems with services ranging from databases and data warehousing to mobile push notifications and IoT solutions. Companies leverage these services to get their products to their customers faster and to reduce project and support costs. New services are also introduced each month – all with the same billing and security framework. Today, all hosting providers are competing simultaneously with AWS, Azure and Google, which creates an element of risk in long-term hosting contracts.

What implication does this have on cloud-sourcing?

It is important to ensure that hosting and cloud sourcing arrangements do not prevent you from leveraging the cloud to the maximum. Traditional outsourcing is often done in a way that creates a deep-frozen environment that responds very slowly to changing business requests – that is why digital transformation quite often starts as shadow IT. Therefore, any cloud RFP should consider a breadth of cloud services, support for DevOps and self-service, separate cost models for capacity and support services, as well as proven capability to increase IT productivity with the cloud.

Additionally, the delivery of commercial software is changing. Increasingly the software is delivered as a service in IaaS, such as an MS SQL server in Azure and Amazon. Cloud vendors also have marketplaces which provide pay-per-hour licensing models for a growing number of ISV software products as preconfigured images. This reduces the cost of buying as there is no license management or pricing negotiation to worry about, but it requires the IT organisation to ensure the necessary spend controls.

The cloud is changing the IT sourcing game and we’ll be having a series of events that will explore this topic in more detail. If you would like to learn more on cloud-sourcing best practices or our future events, then please contact us and a member of the Nordcloud team will get back to you shortly.
