The Modern Full Life Cycle of a Web Application - TLS Certificates
Intro
This article continues the “The Modern Full Life Cycle of a Web Application” series.
The previous articles are available at the following links:
The Modern Full Life Cycle of a Web Application - Intro
The Modern Full Life Cycle of a Web Application - The Stack
The Modern Full Life Cycle of a Web Application - Local K8s Cluster
Encryption
Encryption is one of the pillars of security in computer communication.
In our case, we will have an HTTP communication between a client and a server.
We will be in charge of the server side and we want to make sure that the client is connecting to us via an encrypted channel.
HTTP over TLS (the successor to SSL, and still often called SSL) is called HTTPS.
TLS requires signed certificates.
TLS certificates can be either self-signed or CA-signed.
Browsers recognize only TLS certificates signed by a CA they trust.
One way to get a CA-signed certificate for free is to use Let's Encrypt.
I will show how Let's Encrypt certificates can be used when the environment is provisioned in a public cloud.
Deploy the cert-manager
Because the IP address of our local computer is not a public one, we can't use the Let's Encrypt service to get a CA-signed certificate recognized by all clients. To solve this problem, we need a way to generate self-signed certificates inside the Kubernetes cluster and make them available to the Nginx proxy.
kubectl create namespace cert-manager
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.4.0 \
  --set installCRDs=true
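With cert-manager installed, a self-signed certificate can be requested by creating an issuer and a Certificate resource. The script below is an added example, not part of the original article; the issuer name selfsigned-issuer, the hostname app.local, the namespace default and the secret name app-local-tls are assumptions chosen for illustration.

```shell
# Added example, not from the original article. Assumed names:
# selfsigned-issuer, app.local, default, app-local-tls.

# Accept only DNS-name characters so a value cannot inject YAML.
valid_dns_name() {
  case "$1" in
    ''|*[!a-z0-9.-]*|.*|*.|-*|*-|*..*) return 1 ;;
  esac
  return 0
}

# Usage: render_selfsigned HOSTNAME NAMESPACE SECRET_NAME
render_selfsigned() {
  host=$1; ns=$2; secret=$3
  for v in "$host" "$ns" "$secret"; do
    valid_dns_name "$v" || { echo "invalid name: $v" >&2; return 1; }
  done
  cat <<EOF
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: selfsigned-issuer
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: ${secret}
  namespace: ${ns}
spec:
  secretName: ${secret}
  dnsNames:
    - ${host}
  privateKey:
    algorithm: ECDSA
    size: 256
  issuerRef:
    name: selfsigned-issuer
    kind: ClusterIssuer
EOF
}

# Apply only when run as "sh file.sh apply"; otherwise just define functions.
if [ "${1:-}" = "apply" ]; then
  render_selfsigned app.local default app-local-tls | kubectl apply -f -
fi
```

cert-manager writes the key pair into the named Secret in that namespace. Because the certificate is self-signed, browsers will still warn until it is explicitly trusted on the client.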
In one of the future articles I will show how the Nginx controller hooks up the certificates.