Securing Kubernetes Ingress With Let’s Encrypt

DigitalOcean

มุมมอง 16 981

เพิ่มลงใน
- เพลย์ลิสต์ของฉัน
- ดูภายหลัง
แชร์

แชร์

ฝัง

ขนาดวิดีโอ:

แสดงแผงควบคุมโปรแกรมเล่น

เล่นอัตโนมัติ

เล่นใหม่

เผยแพร่เมื่อ 25 ส.ค. 2024
Ready to take that cluster into production? Is it secured?
Learn how to install and configure the Kubernetes Ingress NGINX Controller and connect it with cert-manager to generate TLS certificates using Let's Encrypt. Setting up Ingress and TLS termination ensures that traffic from the internet into your cluster is encrypted, an essential step for a Kubernetes clusters serving in production.
What You'll Learn
- Installing and configuring the Kubernetes NGINX Ingress Controller
- Setting up cert-manager to automatically generate and rotate TLS certificates from Let’s Encrypt
- How to test that TLS termination is working
Presented By

Kim Schlesinger, Developer Advocate, DigitalOcean
Join us live, or register to get the recording after it airs:
do.co/3t8AwoV
- - - - - - - - - -
New to DigitalOcean? Get US $100 in credit when you sign up: do.co/build
Learn and gain inspiration with DigitalOcean Tech Talks: www.digitaloce...
Subscribe to the DigitalOcean TH-cam channel:
/ digitalocean
Write for DOnations - Share your knowledge and get paid, while supporting tech-focused nonprofits and charities:
www.digitaloce...
- - - - - - - - - -
About DigitalOcean
The DigitalOcean Developer Cloud™ simplifies modern app creation for new generations of developers working independently, at tech startups, and within small-to-medium sized businesses around the world.
To learn more about DigitalOcean: www.digitaloce...
Follow us on Twitter: / digitalocean
Like us on Facebook: / digitalocean
Follow us on Instagram: / thedigitalo. .
We're hiring: grnh.se/aicoph1
#DOTechTalks #DigitalOcean

ความคิดเห็น • 25

@master2466 2 ปีที่แล้ว ⁺⁶
This is how the demo should be. She explains everything in clear details, no show off or cryptic talk like some or hiding the real details. She is clearly enjoying the talk and not worried about anything. Well done. Can't parise enough
@eightdeekay 2 ปีที่แล้ว ⁺²
This video made clear how ingress and cert-manager work that's been baffling me for quite a while. Thank you!
@anishsinha1708 ปีที่แล้ว
From the bottom of my heart, thank you so much Kim and DigitalOcean. This tutorial is so unbelievably high quality and really helped me set up K8S for my company.
@Brocollipy ปีที่แล้ว ⁺¹
Thanks so much for this video, really great job. I had a setup in the "Day 1" zone and hoped for a quickie solution to get https... of course there wasn't one. Eventually worked through all my kinks after about 20hrs. If any one has trouble getting stuck at the Pending certificate phase there's a fix by going to a DO summary called "How to Set Up an Nginx Ingress with Cert-Manager on DigitalOcean Kubernetes" and go to Part 5. This is to allow the pods to be able to run the acme auth link.
@DigitalOcean ปีที่แล้ว ⁺¹
And here's that link if anyone runs into similar issues and needs to follow the same steps www.digitalocean.com/community/tutorials/how-to-set-up-an-nginx-ingress-with-cert-manager-on-digitalocean-kubernetes#step-5-enabling-pod-communication-through-the-load-balancer-optional
@jdogstersc ปีที่แล้ว ⁺¹
Kim you are amazing. Thank you so much for the help!!
@saikrishnajonnala9290 6 หลายเดือนก่อน
Thank you very much Kim🎉
@Boriu ปีที่แล้ว
Thank you so much Kim for this wonderfull lesson!!
@user-sm1sd6uw5o ปีที่แล้ว
Thank you so much for this video. It's very helpful.
@sergiovelazquez958 ปีที่แล้ว
Excellent video. It was very helpfully. Congratulations
@alfredorivera7038 ปีที่แล้ว
finally my ingress works!! thank you
@muhamadkomarhidayat6213 2 หลายเดือนก่อน
thank you so much i really appreciate it, already subscribe and like, even i use gcp for now
@ignacio6655 ปีที่แล้ว ⁺¹
This was an excellent tutorial, many thanks. I would like to ask something, in the ingress.yaml you set the port number to 8080, when actually the service runs on port 80. It was fixed in the GitHub repo as well. My question is: why did it work if the service was only listening to port 80? I have tried both ports 80 and 8080 and work. I cannot find an explanation for this, maybe because port 80 and 8080 are treated by k8s as the same port? Thanks!
@DigitalOcean ปีที่แล้ว ⁺²
Hi Ignacio,
That is a great question. It also shows that you have watched the tutorial with an eagle eye. Kudos!
Here is the explanation:
No, Kubernetes is not treating 80 and 8080 as the same ports. Here is why it worked in both cases,
First scenario:
In the echo_service.yaml, the service port 80 was mapped to targetPort 8080.
In the ingress.yaml we had the backend service port to 80.
When you try to reach the URL, let’s say echo.domain.com, it gets routed to :8080
Second scenario:
In the echo_service.yaml, the service port 80 was mapped to targetPort 8080.
In the ingress.yaml we had the backend service port to 8080.
When you try to reach the URL, let’s say echo.domain.com, you are directly accessing the :8080
It is not a good practice to use the containerPort in the ingress.yaml (aka second scenario).
If you want to inspect further, you can describe the ingress resource in both scenarios and you will see the backend endpoints.
`kubectl describe ingress ingress-echo -n backend`
If you want to go a bit further, you can inspect the logs of the ingress-nginx/ingress-nginx-controller
We hope to have clarified your doubt :)
@vitusyu9583 5 หลายเดือนก่อน
Just watched your video. Very informative. Would you tell me where to find the coming schedule of online sessions?
@unknownhero6187 2 ปีที่แล้ว ⁺¹
How does actually a Digital Ocean Load Balancer implemented? Is it Nginx or Istio? Is it l4 or l7 load balancer?
@Ecolariat 9 หลายเดือนก่อน
Great Video! Thank you - got everything up and running. One question - how do you remove the comments in code . ? I've been manually deleting, what shortcut keys did you use in the video to remove them?
@unknownhero6187 2 ปีที่แล้ว ⁺¹
Thank you for the excellent tutorial!
Could you please explain why we need a Digital Ocean Load Balancer in front of our k8s cluster? Can't the Nginx ingress controller handle it on its own?
@DigitalOcean 2 ปีที่แล้ว ⁺¹
Hey UnknownHero! We saw both your comments, so here are answers to both:
We need the DigitalOcean load balancer because it creates a static IP address that we can map to our domain name. We then pass the traffic from the DO load balancer to the nginx controller which sends the traffic to our Kubernetes services, which directs traffic to individual pods.
The DO load balancer works at layer 4, while the nginx controller works at layer 7.
Our friends at Ambassador Labs have a great explainer covering Kubernetes Networking. Check it out! www.getambassador.io/docs/emissary/latest/topics/concepts/kubernetes-network-architecture/
@unknownhero6187 2 ปีที่แล้ว
@@DigitalOcean Thanks!
@unknownhero6187 2 ปีที่แล้ว
@@DigitalOcean but have you written the source code of the load balancer on your own? Or you have used some open source technologies?
@painoj1 2 ปีที่แล้ว
@@unknownhero6187 when you install ingress-nginx controller and set the "type" as loadbalancer (opposed to nodeIP/clusterIP), digitalocean, linode and other kubernetes providers will create a loadbalancer that automatically balances between the kubernetes nodes (at an additional cost)
@anonanon3066 ปีที่แล้ว
Many fucking thanks to you! Now my readers can be absolutely certain that it's my brainfarts they're reading.
@kk3528 ปีที่แล้ว
Please do not waste time in unnecessary talk just please get straight to your topic of your video .thanks

ต่อไป

เล่นอัตโนมัติ

Security On Autopilot: Best Practices for Securing Kubernetes Clusters