Deploying HTTPS with Kubernetes Nginx Ingress and Cert Manager

Introduction

This article will guide you through using Nginx Ingress Controller and Cert Manager on Kubernetes (K8s) to automatically issue TLS (Transport Layer Security) certificate. To follow along, you'll need:

Ingress

Ingress is a Kubernetes resource used to manage external access to Services within a cluster. It acts like a traffic router, allowing you to define routing configurations to efficiently manage incoming traffic to Services.

Ingress Controller

An Ingress Controller is a distinct component from Ingress itself. There are various types of Ingress Controllers, each capable of different deployments. However, their main function is to manage and deploy according to Ingress rules. When requests reach Ingress, the Ingress Controller uses these defined rules to route traffic to the respective Services. In this article, I'll demonstrate using the Nginx Ingress Controller.

Cert-Manager

Cert-Manager is a tool used to secure Ingress by automatically creating and renewing SSL/TLS certificates before they expire, at no cost.


Implementation Steps

Firstly, you need to initialize a K8s cluster. Here, I'm using GCP, so execute the following command:

gcloud container clusters create {cluster name}

# ex:
gcloud container clusters create k8s-cluster

Note that the above command works if you have already set the default project ID and region. Check out this article for more specific options to initialize GKE.


Next, use Helm to install the Nginx Ingress Controller and cert-manager along with the necessary configurations.

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm upgrade --install nginx-ingress ingress-nginx/ingress-nginx -n ingress-nginx --create-namespace --set controller.publishService.enabled=true

helm repo add jetstack https://charts.jetstack.io
helm upgrade --install cert-manager jetstack/cert-manager -n cert-manager --create-namespace --set crds.enabled=true --set global.leaderElection.namespace=cert-manager


Check if the resources were successfully installed as follows:



Next, create a deployment.yml file to define the main resources for the application.

apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment-name
spec:
replicas: 1
selector:
matchLabels:
app: label-name
template:
metadata:
labels:
app: label-name
spec:
restartPolicy: Always
containers:
- name: express-ts
image: express-ts # replace with your image
ports:
- containerPort: 3000
name: deployment-port
---
apiVersion: v1
kind: Service
metadata:
name: service-name
spec:
selector:
app: label-name
ports:
- protocol: TCP
port: 80 # port service
targetPort: deployment-port # port pod
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-production
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: any-email@gmail.com # could be use any email
privateKeySecretRef:
name: letsencrypt-production
solvers:
- http01:
ingress:
class: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-name
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
spec:
ingressClassName: nginx
tls:
- hosts:
- your-domain.com # replace with your domain
secretName: secret-name
rules:
- host: your-domain.com # replace with your domain
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: service-name
port:
number: 80
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: certificate-name
namespace: default
spec:
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
secretName: secret-name
dnsNames:
- your.ddns.com

Explain:

  • Deployment is used to deploy the application. You can replace the Docker image in the image field with the one you want to use, or follow this guide to build the Docker image I used in this example.
  • The Service is set to the default type, ClusterIP. I didn’t use LoadBalancer because the Nginx Ingress Controller already has a LoadBalancer service.
  • ClusterIssuer contains the configuration info for cert-manager to create HTTPS certificates. In this case, it uses the Let's Encrypt server and the Nginx Ingress Controller to create the private key secret.
  • Ingress registers the TLS certificate with your domain and sets up rules to direct traffic to the Service.
  • For the Certificate, make sure to specify the correct namespace (here, it’s the default namespace) and set the DNS names according to your domain provider.


Apply the configurations to create the resources.

kubectl apply -f deployment.yml

Note: I've defined all resources in a single file for simplicity, but in practice, you should separate each resource into individual YAML files for better management.


When resources are successfully created:



Next, to see the IP address information from Ingress, do the following:


Then, access the domain management dashboard according to your service provider to point your domain to that IP address.

To check if the certificate has been successfully issued:


The application is deployed with an HTTPS TLS certificate.



See you in the next articles!

Comments

Post a Comment

Popular posts from this blog

Kubernetes Practice Series

Image
Introduction Kubernetes (often abbreviated as K8s ) is an open-source system designed to automate the deployment, scaling, and management of containerized applications. This page serves as a collection of articles related to Kubernetes (K8s) , including theoretical concepts and practical guides on using Kubernetes to set up essential tools for the software development process. I will continue to update this series with new articles as ideas come to mind, to ensure the series becomes more comprehensive. The articles are arranged in increasing order of difficulty to make it easier for you to follow. If you have time, it's recommended that you start from the beginning of the series to acquire the necessary knowledge and information that will prepare you for the subsequent articles. Key Topics Covered in This Series Basic Knowledge : Fundamental concepts, common commands, etc. Resources : Pod, Deployment, Service, StatefulSet, Ingress, etc. Pod Autoscaler : Horizontal and Vertical sc...
Read more

NodeJS Practice Series

Image
Introduction NodeJS is an open-source and cross-platform JavaScript runtime environment . Here are some key points about NodeJS : V8 Engine : NodeJS runs on the V8 JavaScript engine , which is also the core of Google Chrome . This allows NodeJS to be highly performant. Asynchronous and Non-Blocking : NodeJS  uses an event-driven, non-blocking I/O model. It’s lightweight and efficient, making it ideal for data-intensive real-time applications. Single-Threaded : NodeJS  runs in a single process, handling multiple requests without creating new threads. It eliminates waiting and continues with the next request. Common Language : Frontend developers who write JavaScript for browsers can use the same language for server-side code in NodeJS . You can even use the latest ECMAScript standards without waiting for browser updates. This page is designed to compile articles related to NodeJS , including how to integrate it with various libraries and relevant tech stacks. I will cont...
Read more

Docker Practice Series

Image
Introduction Docker is an open platform for developing, shipping, and running applications. This page is dedicated to compiling articles related to Docker , covering both the theoretical aspects and practical applications of Docker in setting up popular tools essential for software development. I will be updating this series with more articles in the future as new ideas for topics arise. The articles are arranged in increasing order of difficulty, making it easier for you to follow along. If you have the time, I recommend starting from the beginning of the series to ensure that you grasp the necessary knowledge and information needed for the more advanced articles later on. Here are some key topics in the series that you need to explore to effectively use Docker : Basic knowledge Docker commands Docker Compose Building Docker images Performance improvement Integration with CI/CD Once you have a solid understanding of the foundational knowledge, the extended topics (including advanced...
Read more

React Practice Series

Image
Introduction React is a JavaScript library created by Facebook , often referred to as the most popular frontend framework today. This page aims to gather articles related to ReactJS , covering topics such as theory, features, and commonly used packages in the process of building ReactJS applications. I will update this series with more articles in the future as new ideas for content come up. The articles are arranged in increasing order of difficulty, so if you have time, it's recommended to start from the beginning of the series. This will ensure you grasp the essential knowledge and information needed for the subsequent articles. Here are some key topics in the series that you need to explore to effectively use ReactJS : Fundamental : React Hook, React Context, Lazy load, etc. State management : redux, mobx, recoil, etc. Middleware libraries : redux-thunk, redux-saga, redux-observable, etc. Popular packages : react-query, immer, styled-components, etc. Rendering techniques : C...
Read more

Sitemap

Image
A page aggregator designed for easy reference and search, compiling all blog posts for convenient access.
Read more

Setting up Kubernetes Dashboard with Kind

Image
Introduction In a previous article, I guided you through using Helm to deploy on Google Kubernetes Engine . However, if you want to cut down costs by using Kubernetes in your local environment instead of relying on a cloud provider during development, then Kind is your go-to. There are several tools to help set up Kubernetes locally, such as MiniKube , Kind , K3S , KubeAdm , and more. Each tool has its own pros and cons. In this article, I'll walk you through using Kind to quickly set up a Kubernetes cluster on Docker . Kind stands out for its compactness, making Kubernetes start up quickly, being user-friendly, and supporting the latest Kubernetes versions. Working with Kind Firstly, follow the instructions here to install Kind according to your operating system. If you're using Ubuntu , execute the command: [ $( uname -m ) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.23.0/kind-linux-amd64 chmod +x ./kind sudo mv ./kind /usr/local/bin/ki...
Read more

Deploying a NodeJS Server on Google Kubernetes Engine

Image
Introduction to GKE Google Kubernetes Engine (GKE) is a managed Kubernetes service provided by Google Cloud Platform , facilitating simple and efficient deployment of Docker images. We only need to provide some configuration for the number of nodes, machine types, and replicas to use. Some Concepts Cluster A Cluster is a collection of Nodes where Kubernetes can deploy applications. A cluster includes at least one Master Node and multiple Worker Nodes . The Master Node is used to manage the Worker Nodes . Node A Node is a server in the Kubernetes Cluster. Nodes can be physical servers or virtual machines. Each Node runs  Kubernetes , which is responsible for communication between the Master Node and Worker Node , as well as managing Pods and containers running on it. Pod A Pod is the smallest deployable unit in Kubernetes . Each Pod contains one or more containers, typically Docker containers. Containers in the same Pod share a network namespace, meaning they have the ...
Read more

DevOps Practice Series

Image
Introduction DevOps is a combination of development (Dev) and operations (Ops), aimed at uniting people, processes, and technology to enhance the software development lifecycle. Here are some key aspects of DevOps: Collaboration and Communication: DevOps fosters a culture where development, IT operations, quality engineering, and security teams work together seamlessly. Continuous Integration and Continuous Delivery (CI/CD): These practices automate the integration and delivery of code changes, ensuring faster and more reliable software releases. Infrastructure as Code (IaC): This approach involves managing and provisioning computing infrastructure through machine-readable scripts, rather than physical hardware configuration. Monitoring and Logging: Continuous monitoring and logging help teams to detect issues early and maintain system reliability. Automation: Automating repetitive tasks reduces errors and increases efficiency, allowing teams to focus on more strategic work. By impleme...
Read more

Create API Gateway with fast-gateway

Image
Introduction In this article, I will guide you on how to use fast-gateway to deploy a simple API Gateway on NodeJS along with express . The advantage of an API Gateway is that it acts as an intermediary layer to hide the rest of the system, including services, commonly used in Microservices architecture. Example Usage This is the Microservices model after deployment: First, install the package yarn add fast-gateway Next, define the ports that will be used. import * as express from 'express' import * as gateway from 'fast-gateway' const portGateway = 5000 const portService1 = 5001 const portService2 = 5002 Define service 1 as follows: const startService1 = (): void => { const app = express () app . get ( '/list' , ( req , res ) => { const items = [ { id: 1 , name: 'service 1 value 1' , }, { id: 2 , name: 'service 1 value 2' , }, ] re...
Read more

A Handy Guide to Using Dynamic Import in JavaScript

Image
Introduction In JavaScript, when we import a file, the process usually happens synchronously, known as static import. However, as our applications grow, this synchronous loading can lead to slower initial page loads due to larger JavaScript bundles. Moreover, there are times when imports are necessary only under specific circumstances, leading to unnecessary loading times for users who might not even utilize those features. Details Instead of burdening all users with unnecessary imports, dynamic imports come to the rescue. They allow us to load modules or files only when they are needed, thus improving performance and user experience. Dynamic imports are invoked using the import() function and return a promise. When using default exports, the exported data can be accessed through the default field, while other data can be accessed through fields with matching names. Here's how you can use dynamic imports: import ( "ramda" ). then ( module => { const moduleDefaul...
Read more