Forem: Sahil Ghanwat

Securing Your Kubernetes Website with Let's Encrypt and cert-manager

Sahil Ghanwat — Sun, 19 Jan 2025 21:03:42 +0000

Securing Your Kubernetes Website with Let's Encrypt and cert-manager

In today's digital world, security is paramount. For websites, this often means implementing HTTPS (HTTPS) to encrypt communication between the server and the user. Let's Encrypt provides a free and automated way to obtain and renew SSL certificates, and cert-manager simplifies this process within your Kubernetes cluster.

This guide will walk you through the steps of securing your Kubernetes-deployed website with Let's Encrypt certificates using cert-manager.

1. Install cert-manager

Install Helm: If you're using Helm, install it on your Kubernetes cluster.
Install cert-manager: Use Helm to install cert-manager:

   helm install cert-manager jetstack/cert-manager \
       --namespace cert-manager \
       --create-namespace \
       --set installCRDs=true

2. Create a ClusterIssuer for Let's Encrypt

Create a ClusterIssuer resource: This defines how cert-manager will obtain certificates from Let's Encrypt. Here's an example:

   apiVersion: cert-manager.io/v1
   kind: ClusterIssuer
   metadata:
     name: letsencrypt-prod
   spec:
     acme:
       server: https://acme-v02.api.letsencrypt.org/directory
       email: your_email@example.com 
       privateKeySecretRef:
         secretName: letsencrypt-prod
       solvers:
       - http01:
           ingress:
             class: nginx

Replace your_email@example.com with your email address.
Ensure the ingress class matches your Ingress controller (e.g., nginx, traefik).
- Apply the ClusterIssuer:

   kubectl apply -f letsencrypt-issuer.yaml

3. Create an Ingress Resource

Create an Ingress resource: This defines how traffic should be routed to your application. Here's a basic example:

   apiVersion: networking.k8s.io/v1
   kind: Ingress
   metadata:
     name: my-app-ingress
   spec:
     rules:
     - host: your-domain.com 
       http:
         paths:
         - path: /
           backend:
             serviceName: my-app-service 
             servicePort: 80
     tls:
     - hosts:
       - your-domain.com 
       secretName: your-domain-tls

Replace your-domain.com with your actual domain name.
Replace my-app-service and my-app-service with the actual names of your Service and its port.
Specify the secretName that cert-manager will create to store the certificate and key.
- Apply the Ingress:

   kubectl apply -f ingress.yaml

4. Verify Certificate Issuance

Check the status of the Certificate resource:

   kubectl get certificates

You should see a Certificate resource being created by cert-manager.

Check the Ingress status:

   kubectl describe ingress my-app-ingress

The Ingress status should indicate that the TLS configuration is ready.

5. Access Your Website

Browse to your website: Visit https://your-domain.com in your browser. You should now see a secure connection (indicated by the green padlock in the address bar).

Important Notes:

DNS Configuration: Ensure that your domain name is properly configured to point to your Kubernetes cluster's LoadBalancer IP or Ingress endpoint.
Ingress Controller: This example assumes you are using an Ingress controller like Nginx Ingress.
Security: Always follow security best practices and regularly review and update your certificates.
Troubleshooting: If you encounter any issues, check the logs of cert-manager, your Ingress controller, and your Kubernetes cluster for error messages.

By following these steps, you can effectively secure your Kubernetes-based website with Let's Encrypt certificates using cert-manager. This will enhance the security and trust of your website for your users.

👨‍💻 About Me:

I'm an aspiring software engineer with a knack for Kubernetes, DevOps, Cloud. I thrive on building efficient systems. I love sharing my tech learnings on LinkedIn and Twitter. Follow me for insights on softwares, cutting-edge technology and many more things. 🚀

Defining Devops for extreme newbies

Sahil Ghanwat — Thu, 31 Aug 2023 09:34:13 +0000

Hey there, fellow tech adventurers! Buckle up, because we're about to dive into a wild ride through the ever-evolving landscape of DevOps in the year 2023. It's a tale of code, chaos, and collaboration that's shaping the tech world like never before. Grab your virtual hard hats, and let's explore how DevOps is both serious business and a barrel of laughs.

The DevOps Disco:

Picture this: developers grooving alongside operations folks on a neon-lit dance floor, moving to the rhythm of automated deployments. DevOps has turned software development into a party where continuous integration is the DJ, and continuous delivery is the dance move everyone's trying to nail. Gone are the days of code being thrown over the wall like a hot potato. DevOps brings everyone to the same party, where they can hash out issues, spin up environments, and push code changes without breaking a sweat.

Release Roulette - Betting on Success:

Remember the days when releasing new software was like playing Russian roulette? Well, DevOps has turned that game into Release Roulette – a high-stakes game where automation is your lucky charm. With automated testing, deployment pipelines, and monitoring in place, you're less likely to shoot yourself in the foot and more likely to hit the jackpot of a smooth release.

Team Bonding: The Code that Binds:

Collaboration takes center stage in the DevOps saga. Developers and operations teams used to be like rival clans, but now they're more like peanut butter and jelly. Working together, sharing knowledge, and understanding each other's challenges has become the secret sauce for serving up successful software.

Conclusion:

So there you have it, intrepid explorers of tech-land! DevOps isn't just reshaping the way we develop and deploy software—it's reshaping the way we think about teamwork, efficiency, and even the occasional all-nighter. Whether it's dancing to the beat of continuous integration or playing Release Roulette with automated deployment, DevOps is the ultimate party where everyone's invited, and the code is the life of the bash.

Remember, while we navigate the world of DevOps with a dash of humor, it's a serious game-changer that's propelling the tech world forward in 2023. So, as you balance your sleepless nights with code deployments, take a moment to appreciate the DevOps disco and the camaraderie it brings to our ever-evolving tech adventure!

Getting started with Vagrant: a beginner's Guide

Sahil Ghanwat — Thu, 24 Aug 2023 17:27:26 +0000

In the fast-evolving landscape of software development, efficient and consistent environments are crucial. The ability to set up, replicate, and share development environments quickly can significantly enhance a developer's productivity. This is where Vagrant, a tool developed by HashiCorp, comes into play. In this beginner's guide, we will explore the fundamental concepts of Vagrant and learn how to get started with creating and managing development environments.

`What is Vagrant?`

Vagrant is an open-source tool that focuses on automating the creation and management of virtualized development environments. It provides a simple and consistent way to set up virtual machines (VMs) with a specific configuration. Vagrant abstracts away the complexities of setting up and configuring VMs, making it easier for developers to collaborate and work in controlled environments.

`Why Use Vagrant?`

🎢Reproducibility: With Vagrant, you can define your development environment as code. This means that anyone, regardless of their operating system, can reproduce your environment with a single command.

👓Isolation: Vagrant allows you to isolate your development environment from your host machine. This isolation prevents conflicts between software versions and configurations, ensuring that your projects run consistently across different systems.

🤝Collaboration: Vagrant makes it easy to share the exact same development environment with your team members. This eliminates the "it works on my machine" issue and fosters collaboration.

💪Flexibility: Vagrant supports various virtualization providers, such as VirtualBox, VMware, and Hyper-V, giving you the flexibility to choose the platform that suits your needs.

`Getting Started with Vagrant!`🎐

Step 1: Installation:

To begin using Vagrant, you'll need to install it on your machine. Visit the official Vagrant website and download the installer for your operating system. Once installed, you can verify the installation by opening a terminal or command prompt and running:

vagrant --version

Step 2: Initializing a Vagrant Environment:

Create a new directory for your project and navigate to it using the terminal.
Run the following command to initialize a new Vagrant environment:

vagrant init

This command creates a Vagrantfile in your project directory. The Vagrantfile is where you define the configuration of your VM.

Step 3: Configuring the Vagrant Environment

Open the Vagrantfile in a text editor and configure the VM according to your needs. You can specify the base box, configure networking, set up port forwarding, and more. Here's an example of a basic Vagrantfile configuration:

Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/bionic64"
end

In this example, we're using the "ubuntu/bionic64" box as the base.
OR you can download the box by simply skipping step 2 & step 3 by writing the following command:

Vagrant init ubuntu/bionic64

Thank me later!😋

Step 4: Starting and Accessing the VM

Save the Vagrantfile after making your desired configurations.
in case you skipped step 2 && step 3 you already are in the working directory. In the terminal, navigate to your project directory and run:

vagrant up

This command will download the specified base box if it's not already downloaded and start the VM.

Once the VM is up and running, you can access it using:

vagrant ssh

This will open a secure shell (SSH) connection to the VM.

Step 5: Managing the VM
To pause the VM, use:

vagrant suspend

To halt (shut down) the VM, use:

vagrant halt

To completely remove the VM, use:

vagrant destroy

Remember that you can always bring the VM back up with:

vagrant up

Conclusion:

Vagrant simplifies the process of managing development environments, making it an essential tool for modern software development. By automating the setup and configuration of VMs, Vagrant boosts productivity, collaboration, and consistency across development teams. As you delve deeper into Vagrant, you'll discover its advanced features and integrations with other HashiCorp tools, enabling you to create even more powerful development workflows. Happy coding!😎

Is CentOS still relevant today?

Sahil Ghanwat — Mon, 21 Aug 2023 18:03:48 +0000

In the ever-evolving landscape of operating systems, CentOS stands as a stalwart favorite among developers worldwide. Renowned for its stability, security, and open-source nature, CentOS has earned its place as a go-to choice for both beginner and experienced developers alike. In this blog post, we delve into the reasons behind CentOS's enduring popularity in the developer community

- Open Source Foundation:

CentOS is built upon the source code of the Red Hat Enterprise Linux (RHEL) distribution, which is one of the most respected and widely used commercial Linux distributions. CentOS follows a strict policy of adhering to the open-source philosophy, making it an ideal choice for developers who prioritize transparency and the ability to modify and contribute to the operating system's source code.

- Stability and Long-Term Support:

One of the primary reasons developers are drawn to CentOS is its renowned stability and long-term support. CentOS releases are known for their reliability and robustness, making them suitable for critical server deployments and production environments. This stability translates to fewer disruptions and a reduced need for frequent updates, which is highly appealing to developers focused on maintaining consistent and reliable systems.

- Security Focus:

Security is a paramount concern for developers, and CentOS doesn't disappoint in this area. The CentOS team is proactive in addressing security vulnerabilities and providing timely security updates, ensuring that the operating system remains robust against emerging threats. This commitment to security makes CentOS a trusted choice for applications and services that require a secure foundation.

- Active Community and Support:

CentOS boasts a vibrant and active user community that contributes to its popularity. Developers can easily find solutions to problems, seek guidance, and participate in discussions on forums, mailing lists, and other online platforms.

This strong community support network facilitates learning, troubleshooting, and collaboration among developers, making CentOS an excellent choice for those who value a sense of belonging to a larger community.

- Variety of Software Repositories:

CentOS provides access to a broad range of software packages through its repositories. This expansive software ecosystem includes development tools, programming languages, libraries, and frameworks. _Developers can quickly set up their development environments and access the tools they need without the hassle of hunting down dependencies from various sources.

- Ease of Migration:

For developers migrating from other Linux distributions, CentOS provides a relatively smooth transition due to its similarity to RHEL and its adherence to widely accepted Linux conventions.

This familiarity streamlines the adaptation process, enabling developers to focus on their projects without grappling with significant changes to their workflows.

- Customizability:

CentOS offers developers the flexibility to customize their installations to suit specific project requirements. This customizability extends to the kernel and other components, allowing developers to fine-tune their environments for optimal performance and resource utilization.

These factors collectively make CentOS an appealing choice for developers seeking a reliable, secure, and versatile operating system to support their projects and initiatives. Whether you're a seasoned developer or just starting your coding journey, CentOS offers a solid platform that empowers you to bring your ideas to life with confidence.

but

is it still relevant today?

CentOS Project shifted its focus from CentOS Linux, which was a downstream, community-supported version of Red Hat Enterprise Linux (RHEL), to CentOS Stream, which is an upstream development platform for RHEL.
CentOS Stream is designed to provide a rolling-release distribution that helps to develop and test features before they make their way into RHEL. This change led to concerns among users who preferred CentOS Linux for its stability and predictability.
However, the discontinuation of CentOS Linux has caused a significant amount of discussion and debate within the community. It's recommended that you check the official CentOS website or other reputable sources for the most up-to-date information regarding the status of CentOS Linux and CentOS Stream, as developments might have occurred after September 2021.

JWT authentication explained in simplest way possible ✌️

Sahil Ghanwat — Mon, 06 Mar 2023 18:58:44 +0000

JWT Overview: -

If you know what are JSON Web Tokens, you might wonder how they actually work.🤔️

JSON Web Token is a proposed Internet standard for creating data with optional signature and/or optional encryption whose payload holds JSON that asserts some number of claims.

☺️ In simple English- Token-based authentication is a protocol that allows users to confirm their identity and obtain a unique access token in return. Users do not need to re-enter their credentials when they go back to the same web page, app, or any resource protected with that same Token's life

It might be hard for beginners to understand at first glance.

For now just understand, JSON Web Tokens are used while User authentication.

How It Works?

Lets divide the whole process in 4 steps👇️

👉️ INITIAL REQUEST: - A user tries to access a restricted resource. The user must initially verify their identity without the use of a token, for as by using a username or password.

👉️ VERIFICATION: - If the user's credentials are valid, the authentication server verifies their rights on the requested system.

👉️ TOKEN: - After verification, the server delivers a TOKEN to the user that contains a REFERENCE to their identity.

👉️ STORAGE: - The token is kept by the users either in the browser or on their mobile devices. They can now authenticate in the future without having to use their credentials.

Why use JWT?🤷️

🤞️ Advantages of using JWTs include the following:

👉️ They are lightweight and easy to use by client applications: for example, mobile applications.
👉️ They are self-contained, which means that the Liberty JVM server can consume the token directly and use a claim from the token as the identity for running the request.
👉️ They can be symmetrically signed by a shared secret by using the HMAC algorithm, or asymmetrically by using a private key.
👉️ They have a built-in expiry mechanism.
👉️ They can be extended to contain custom claims.

Anatomy of JWT: -

A JWT consists of three parts: a header, payload, and signature. The header typically consists of two parts: the type of the token, which is JWT, and the algorithm that is used, such as HMAC SHA256 or RSA SHA256. It is Base64Url encoded to form the first part of the JWT.

JWT Authentication Flow.

The user logs in using their credentials.
When the user is authenticated, a JWT is returned.
When the user wants to access a protected resource, the client application sends the JWT, typically in the HTTP Authorization header.
The JWT is then used by the application server, such as CICS, to identify the user and allow access to the resource.

Conclusion: -
Its easy to understand particular concept if they are taught better.
Comment your thoughts.
Subscribe for more upcoming tech blogs..

Forem: Sahil Ghanwat

Securing Your Kubernetes Website with Let's Encrypt and cert-manager

Securing Your Kubernetes Website with Let's Encrypt and cert-manager

Defining Devops for extreme newbies

The DevOps Disco:

Release Roulette - Betting on Success:

Team Bonding: The Code that Binds:

Getting started with Vagrant: a beginner's Guide

What is Vagrant?

Why Use Vagrant?

Getting Started with Vagrant!🎐

Is CentOS still relevant today?

- Open Source Foundation:

- Stability and Long-Term Support:

- Security Focus:

- Active Community and Support:

- Variety of Software Repositories:

- Ease of Migration:

- Customizability:

but

is it still relevant today?

JWT authentication explained in simplest way possible ✌️

JWT Overview: -

How It Works?

Why use JWT?🤷️

Anatomy of JWT: -

JWT Authentication Flow.

`What is Vagrant?`

`Why Use Vagrant?`

`Getting Started with Vagrant!`🎐