{"id":11548,"date":"2022-02-08T11:18:29","date_gmt":"2022-02-08T10:18:29","guid":{"rendered":"https:\/\/www.origo.io\/info\/?p=11548"},"modified":"2022-06-07T14:32:52","modified_gmt":"2022-06-07T12:32:52","slug":"automating-dns-and-tls-certificates-with-kubernetes","status":"publish","type":"post","link":"https:\/\/origo.io\/info\/automating-dns-and-tls-certificates-with-kubernetes\/","title":{"rendered":"Automating DNS and TLS Certificates with Kubernetes"},"content":{"rendered":"\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter  wp-image-11583\" src=\"\/info\/wp-content\/uploads\/2022\/02\/certmanager-letsencrypt.png\" alt=\"\" width=\"436\" height=\"215\" \/>Almost every app needs a web service backend, and every web service needs a domain name. To serve content from a domain name you need a TLS certificate.<br \/>While you still need to register and pay for a domain through a registrar like Godaddy or Domain.com, TLS certificates have been provided free of charge to anyone by <a href=\"https:\/\/letsencrypt.org\" target=\"_blank\" rel=\"noopener\">Let&#8217;s Encrypt<\/a> since 2016.<\/p>\n<p><!--more--><br \/>The process for setting up a web service is basically the same every time &#8211; be it for testing, development or production:<\/p>\n<p>Register a domain -&gt; Create a web service -&gt; Point a domain name to this web service -&gt; Validate the service with Let&#8217;s Encrypt -&gt; Have a TLS certificate issued -&gt; Install the certificate to your web service<\/p>\n<p>It&#8217;s a joy to finally have free TLS certificates that are issued almost instantanously, but it all does become a bit tedious after a while. You can of course use self-signed certificates for your testing and development, but in the long run it get&#8217;s a bit annoying clicking away all those browser warnings.<\/p>\n<p>Since Kubernetes is all about automated operations, we thought that this particular operation could and should also be automated, especially for outfits that routinely set up a lot of testing and development environments. We looked a bit around for possibilities, and it looks like our fellow Kubernetes enthusiasts are mostly aligning behind two projects &#8211; <a href=\"https:\/\/github.com\/kubernetes-sigs\/external-dns\" target=\"_blank\" rel=\"noopener\">External DNS<\/a> for automating domain name provisioning, and <a href=\"https:\/\/cert-manager.io\/\" target=\"_blank\" rel=\"noopener\">cert-manager<\/a> for automating TLS certificate provisioning. With no desire to reinvent these particular wheels, we set out to automate the above process, using these two projects. The result is a <a href=\"\/info\/stabiledocs\/guides\/automating-dns-and-tls-in-stabile\/\">new guide<\/a>, describing how to do exactly this in a Stabile environment.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Almost every app needs a web service backend, and every web service needs a domain name. To serve content from a domain name you need a TLS certificate.While you still need to register and pay for a domain through a registrar like Godaddy or Domain.com, TLS certificates have been provided<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[1],"tags":[],"class_list":["post-11548","post","type-post","status-publish","format-standard","hentry","category-blog"],"acf":[],"jetpack_publicize_connections":[],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Origo","author_link":"https:\/\/origo.io\/info\/author\/admin\/"},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origo.io\/info\/wp-json\/wp\/v2\/posts\/11548","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origo.io\/info\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origo.io\/info\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origo.io\/info\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/origo.io\/info\/wp-json\/wp\/v2\/comments?post=11548"}],"version-history":[{"count":7,"href":"https:\/\/origo.io\/info\/wp-json\/wp\/v2\/posts\/11548\/revisions"}],"predecessor-version":[{"id":11986,"href":"https:\/\/origo.io\/info\/wp-json\/wp\/v2\/posts\/11548\/revisions\/11986"}],"wp:attachment":[{"href":"https:\/\/origo.io\/info\/wp-json\/wp\/v2\/media?parent=11548"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origo.io\/info\/wp-json\/wp\/v2\/categories?post=11548"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origo.io\/info\/wp-json\/wp\/v2\/tags?post=11548"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}