TLS for K8s
with cert-manager


January 8th, 2021

Brendon Thiede

  • DevOps Platform Engineer
  • Automation junkie
  • Constant hacker

TLS - What is it?

  • Transport Layer Security
  • Replaces SSL
  • Uses PKI
  • Short-lived certs
  • Root CAs
  • Wildcard and SAN

Why secure your traffic?

  • Sensitive data
  • Compliance
  • Malware protection
  • Customer confidence
  • North-south & east-west
  • Latest tech

TLS in Kubernetes

  • Ingress
  • Secrets

spec:
  tls:
  - hosts:
      - manual.secure-example.com
    secretName: manual-tls
  

Demo

Manual Cert Management

cert-manager

  • Issuer/ClusterIssuer
  • Auto-renewal
  • Custom resources
  • Annotation driven

metadata:
  annotations:
    cert-manager.io/issuer: ca-issuer

Demo

cert-manager

Questions???