Thanks to Let’s Encrypt, we can create SSL certificates for our HTTPS or TLS services for free!
These certificates have 99% compatibility with browsers.
A running Kubernetes cluster.
For our example, we use a cluster managed with Rancher.
If you don’t have one, you can follow this post to set up yours in just 15 minutes!
How to create a Kubernetes cluster with Rancher on Hetzner
TL;DR: In 15 minutes you can have a lab cluster ready to test or deploy your projects cheaply and easily.
Let’s go, Let’s Encrypt
Let’s Encrypt is a certification authority (CA) created in 2016 by the Electronic Frontier Foundation and Mozilla Foundation. Its goal is for every Internet communication to be encrypted using the TLS protocol.
Until that date, if you wanted a valid SSL/TLS certificate for your Internet service, you had to pay at least around $10 for a cheap SSL certificate such as Comodo or RapidSSL.
That purchased certificate is valid for one year.
The free Let’s Encrypt certificate is valid for 3 months, which makes certificate management a bit tedious.
Fortunately, “certbot”, the Let’s Encrypt CLI tool, can renew the certificates automatically. Just put it in a cron job.
The Kubernetes way to get Let’s Encrypt certificates is to use “cert-manager”.
The great feature of cert-manager is automated certificate management.
That means you can forget about certificate renewal.
In addition to Let’s Encrypt certificates (a.k.a. ACME certs), cert-manager can issue self-signed certificates and manage other certificates issued by third-party CAs.
We use the manifest install method. For our Rancher cluster, just apply the following manifest:
kubectl apply --validate=false -f…