Free SSL certificate for your Kubernetes cluster with Rancher

JM Robles
5 min read, May 17, 2020

Thanks to Let’s Encrypt, we can create SSL certificates for our HTTPS or TLS services for... FREE!

These certificates have 99% compatibility with browsers.

Let’s Encrypt for your cluster in 5 minutes!

Prerequisites

A running Kubernetes cluster.

For our example, we use a cluster managed with Rancher.

If you don’t have one, you can follow this post to set up yours in just 15 minutes!

Let’s go, Let’s Encrypt

Let’s Encrypt is a certification authority (CA) created in 2016 by the Electronic Frontier Foundation and the Mozilla Foundation. Its goal is for all Internet communication to be encrypted using the TLS protocol.

Until then, if you wanted a valid SSL/TLS certificate for your Internet service, you had to pay at least around $10 for a cheap SSL certificate from a provider such as Comodo or RapidSSL.

That purchased certificate is valid for one year.

The free Let’s Encrypt certificate is valid for 3 months. Managing these certificates is a bit tedious.

Fortunately, “certbot”, the Let’s Encrypt CLI tool, can renew the certificates automatically. Just put it in a cron job.

Introducing cert-manager

The Kubernetes way to get “Let’s Encrypt” certificates is to use “cert-manager”.

The great feature of “cert-manager” is automated certificate management.

That means: forget about certificate renewal.

In addition to Let’s Encrypt certificates (a.k.a. ACME certs), cert-manager can issue self-signed certificates and manage other certificates issued by third-party CAs.

Installation

We use the manifest install method. For our Rancher cluster, just apply the following manifest:

kubectl apply --validate=false -f
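
Once cert-manager is running, certificates are requested declaratively. The manifests below are an added example, not taken from the original post: a ClusterIssuer pointing at the Let’s Encrypt staging endpoint and an Ingress that asks it for a certificate. They assume a cert-manager release that serves the cert-manager.io/v1 API and an nginx ingress controller; the resource names, e-mail address and hostname are placeholders.

```yaml
# Added example: all names, the e-mail and the hostname are placeholders.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging          # hypothetical issuer name
spec:
  acme:
    # Staging endpoint: issues untrusted test certificates, so mistakes
    # here do not count against the production rate limits.
    # Production endpoint: https://acme-v02.api.letsencrypt.org/directory
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: admin@example.com         # placeholder ACME account contact
    privateKeySecretRef:
      # Secret where cert-manager stores the ACME account private key.
      name: letsencrypt-staging-account-key
    solvers:
      - http01:
          ingress:
            class: nginx             # assumption: nginx ingress controller
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo                         # hypothetical application
  annotations:
    # Tells cert-manager which issuer should sign the certificate
    # for the hosts listed under spec.tls.
    cert-manager.io/cluster-issuer: letsencrypt-staging
spec:
  tls:
    - hosts:
        - demo.example.com           # placeholder hostname
      # Secret that cert-manager creates and keeps renewed.
      secretName: demo-example-com-tls
  rules:
    - host: demo.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: demo           # placeholder Service
                port:
                  number: 80
```

Browsers do not trust staging certificates; once issuance works end to end, create a second issuer with the production endpoint and switch the annotation to it.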
