How to fully automate retrieving TLS certificates with Kubernetes



Recently one of my favourite ways to tackle an infrastructure issue has been to write a Kubernetes controller that deals with the issue.

The idea behind a controller in Kubernetes is quite simple. Your Kubernetes API server contains a description of a desired target state. To get to that target state, a set of controllers constantly run reconciliation loops to take care of whatever small bit of that state is their responsibility.

Recently I’ve wanted to have a fully automated way of retrieving TLS certificates from Let’s Encrypt. This seemed like a perfect fit for a Kubernetes controller, so I got to work and am now presenting release 1.2 of the Kubernetes Letsencrypt Controller.

One feature of Let’s Encrypt is their support for DNS-based challenges. To verify your domain ownership you add a specific TXT record which is validated by Let’s Encrypt.

My controller makes use of that feature and currently implements validation support for both Google Cloud DNS and Amazon Route53. Head over to the repository’s README for details on how to set it up.

Basically the process to get a certificate is now as simple as:

1. Add an annotation acme/certificate: to any of your Service resources.

2. Wait a few minutes until you find your certificate in a Secret resource called www-mydomain-com-tls.

That’s it!

This way you don’t have to deal with routing temporary challenge URLs on your webserver or any of that stuff. It just works!
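To make the reconciliation idea above concrete, here is an added sketch in Python of one pass of such a loop (illustrative code, not the controller's own): it picks out Services carrying the acme/certificate annotation, derives the Secret name, and decides which certificates are missing or due for renewal. It assumes the annotation value is the domain, that the Secret name is the domain with dots replaced by dashes plus a -tls suffix (consistent with www-mydomain-com-tls in the post), a hypothetical 30-day renewal window, and constructed sample objects whose notAfter is given directly rather than parsed from tls.crt.

```python
from datetime import datetime, timedelta, timezone

ANNOTATION = "acme/certificate"      # annotation key used in the post
RENEW_BEFORE = timedelta(days=30)    # hypothetical renewal window (assumption)


def secret_name_for(domain: str) -> str:
    """Assumed naming scheme: dots -> dashes, '-tls' suffix
    (www.mydomain.com -> www-mydomain-com-tls, as in the post)."""
    return domain.lower().rstrip(".").replace(".", "-") + "-tls"


def dns01_record_name(domain: str) -> str:
    """Name of the TXT record a DNS-01 challenge is validated against (RFC 8555, section 8.4)."""
    return "_acme-challenge." + domain.rstrip(".")


def reconcile(services, secrets, now):
    """One pass of the loop: return (domain, secret_name, reason) for every
    annotated Service whose certificate Secret is missing or due for renewal."""
    work = []
    for svc in services:
        domain = svc.get("metadata", {}).get("annotations", {}).get(ANNOTATION)
        if not domain:
            continue                       # not this controller's responsibility
        name = secret_name_for(domain)
        existing = secrets.get(name)
        if existing is None:
            work.append((domain, name, "missing"))
        elif existing["notAfter"] - now <= RENEW_BEFORE:
            work.append((domain, name, "renew"))
    return work


# Constructed sample cluster state (not real data).
SERVICES = [
    {"metadata": {"name": "web", "annotations": {ANNOTATION: "www.mydomain.com"}}},
    {"metadata": {"name": "api", "annotations": {ANNOTATION: "api.mydomain.com"}}},
    {"metadata": {"name": "db"}},          # no annotation: ignored
]
NOW = datetime(2017, 6, 1, tzinfo=timezone.utc)
SECRETS = {
    # api certificate expires in 10 days, i.e. inside the renewal window
    "api-mydomain-com-tls": {"notAfter": NOW + timedelta(days=10)},
}

if __name__ == "__main__":
    for domain, name, reason in reconcile(SERVICES, SECRETS, NOW):
        print(f"{domain:20} -> Secret/{name} ({reason}); challenge record {dns01_record_name(domain)}")
```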
