Support and enforce SSL for external services

[mattjmcnaughton]

Issue
Currently, the only external service I host on Kubernetes (my blog) supports just http connections. I'd like to support, and potentially even force, SSL for all external services I run on Kubernetes.

Implementation
cert-manager appears to be the recommended method for doing this.

Definition of Done

• https://mattjmcnaughton.com works.
• NextCloud is exposed on public internet over HTTPs.
• I have some form of monitoring/alerting on SSL certificate expiration.
• Blog post.

[mattjmcnaughton]

Also check out https://github.com/kubernetes-incubator/external-dns for managing external DNS and https://kubernetes.github.io/ingress-nginx/ for managing the ingress.

[mattjmcnaughton]

Once we make this change, add authentication to our applications and expose them publicly.

[mattjmcnaughton]

Also, during this migration, we'll ensure that our cluster only ever needs one ELB, and we perform all routing via ingress.

[mattjmcnaughton]

https://www.youtube.com/watch?v=aN9nVa8yeBo
https://medium.com/@elad.ishay_10522/exposing-kubernetes-workloads-to-the-world-without-losing-sleep-or-your-mind-71776968d3e5
https://www.youtube.com/watch?v=9uU2QMAiZrI