Let’s Encrypt Kubernetes
In the Cloud Native world, how can we be sure to create secure applications? The inherently dynamic environment with short-lived containers, orchestrators, and network encapsulation provides significant challenges to traditional network security tools and procedures.
Best practices for cloud architecture security generally fall into three categories: Authentication, Authorization, and Encryption. This session focuses on the latest Kubernetes methods for encrypting internal and external application traffic.
In this live demonstration, you will learn how to enable HTTPS (SSL/TLS) for applications deployed in Kubernetes. First we’ll walk through manually deploying and using TLS certificates in containerized applications. Then we’ll level-up our Kubernetes infrastructure by creating an automated certificate generator leveraging Let’s Encrypt, a free and open Certificate Authority. Finally, we will use our automatically created certificates to secure three services: NGINX, an Ingress Controller, and a Golang application.
Ross Kukulinski (@rosskukulinski) is a freelance Kubernetes and DevOps consultant, with dozens of production Kubernetes deployments under his belt. Ross’s technical expertise is in architecting and deploying scalable, containerized, real-time cloud applications. When he's not fostering adoption of Kubernetes, Ross can be found running applications in production using tools including Docker, CoreOS, and Node.js. Ross frequently speaks at technology conferences and events including DevOpsDays, QCon, CoreOS Fest, ContainerCamp, NodeSummit, KrankyGeek WebRTC, NodeInteractive, and Philly Tech Week. Ross has also published an O'Reilly Video Tutorial Series called Introduction to CoreOS: Learn to Deploy, Monitor, and Scale Containerized Applications.
Lead Solutions Architect