New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support and enforce SSL for external services #4

Open
mattjmcnaughton opened this Issue Oct 19, 2018 · 4 comments

Comments

Projects
1 participant
@mattjmcnaughton
Copy link
Owner

mattjmcnaughton commented Oct 19, 2018

Issue
Currently, the only external service I host on Kubernetes (my blog) supports just http connections. I'd like to support, and potentially even force, SSL for all external services I run on Kubernetes.

Implementation
cert-manager appears to be the recommended method for doing this.

Definition of Done

  • https://mattjmcnaughton.com works.
  • NextCloud is exposed on public internet over HTTPs.
  • I have some form of monitoring/alerting on SSL certificate expiration.
  • Blog post.
@mattjmcnaughton

This comment has been minimized.

Copy link
Owner

mattjmcnaughton commented Nov 9, 2018

Also check out https://github.com/kubernetes-incubator/external-dns for managing external DNS and https://kubernetes.github.io/ingress-nginx/ for managing the ingress.

@mattjmcnaughton

This comment has been minimized.

Copy link
Owner

mattjmcnaughton commented Nov 9, 2018

Once we make this change, add authentication to our applications and expose them publicly.

@mattjmcnaughton

This comment has been minimized.

Copy link
Owner

mattjmcnaughton commented Nov 23, 2018

Also, during this migration, we'll ensure that our cluster only ever needs one ELB, and we perform all routing via ingress.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment