End-to-End Encryption on Amazon EKS with cert-manager
Good day. It's Friday, Sep. 13, and in this issue, we're covering:
End-to-End Encryption on Amazon EKS with cert-manager
GitLab warns of critical pipeline execution vulnerability
NGINX has moved away from Mercurial to GitHub
18 AWS Lambda Microstacks
Understanding the Docker USER Instruction
Production Level CI/CD Pipeline Project
You share. We listen. As always, send us feedback at [email protected]
Great news ✋
We partnered with Growth School to bring you this FREE offering.
FREE AI & ChatGPT Masterclass to automate 50% of your workflow
More than 300 Million people use AI across the globe, but just the top 1% know the right ones for the right use-cases.
Join this free masterclass on AI tools that will teach you the 25 most useful AI tools on the internet – that too for $0 (they have 100 free seats only!)
This masterclass will teach you how to:
Build business strategies & solve problems like a pro
Write content for emails, socials & more in minutes
Build AI assistants & custom bots in minutes
Research 10x faster, do more in less time & make your life easier
You’ll wish you knew about this FREE AI masterclass sooner 😉
Use Case
End-to-End Encryption on Amazon EKS with cert-manager
Organizations handling sensitive applications demand secure communications that ensure data privacy, even between internal services.
However, there are some valid challenges I see:
Managing certificates for each microservice is complex.
Kubernetes ingress with Network Load Balancer doesn't support client certificates.
Manual certificate rotation increases administrative effort.
Mutual TLS is not achievable with standard Kubernetes ingress.
Using the NGINX Ingress Controller for ingress in Amazon EKS enables mutual TLS. cert-manager with Let's Encrypt automates certificate provisioning and rotation, improving security and compliance for organizations with strict security guidelines.
Target Architecture:
Ref: AWS White Papers
A client sends a request to the application’s DNS name.
Route 53 resolves the DNS to a CNAME pointing to the Network Load Balancer.
The Network Load Balancer forwards the request over HTTPS to the NGINX Ingress Controller with a TLS listener.
The NGINX Ingress Controller routes the request based on the path to the Application Service.
The Application Service forwards the request to the appropriate Application Pod.
The Application Pods run with cert-manager certificates, and communication between NGINX Ingress and the pods uses HTTPS.
Note:
Cert-manager operates in its own namespace.
Cert-manager provisions certificates as secrets in specific namespaces.
These namespaces can be linked to application pods and NGINX Ingress Controller.
Remember, securing service-to-service communication with end-to-end encryption isn't just a best practice—it's essential for maintaining data integrity and trust in your microservices architecture.
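As an added example that is not part of the original post, the cert-manager and ingress-nginx manifests below wire the pieces together: a pod certificate from an internal CA issuer (public ACME CAs such as Let's Encrypt do not issue certificates for cluster-internal names), client-certificate verification at the ingress, and HTTPS from NGINX to the pods with the pod certificate actually verified rather than merely encrypted. Namespace, service, issuer and secret names are placeholders, and the NLB is assumed to pass the TLS connection through to NGINX so that the client certificate reaches it.

```yaml
# Added example, all names are placeholders. Assumes ClusterIssuers "letsencrypt-prod" (ACME)
# and "internal-ca" (cert-manager "ca" issuer), plus a Secret "client-ca" holding the client CA (ca.crt).
apiVersion: cert-manager.io/v1
kind: Certificate                 # certificate the application pods serve
metadata:
  name: app-backend-tls
  namespace: app
spec:
  secretName: app-backend-tls     # mount this Secret into the pods
  issuerRef: {name: internal-ca, kind: ClusterIssuer}
  dnsNames: [app-svc.app.svc.cluster.local, app-svc.app.svc]
  duration: 2160h                 # 90 days; cert-manager renews automatically
  privateKey: {rotationPolicy: Always}   # fresh key on every renewal
---
apiVersion: cert-manager.io/v1
kind: Certificate                 # identity NGINX presents to the pods
metadata:
  name: ingress-client
  namespace: app
spec:
  secretName: ingress-client      # the CA issuer also writes ca.crt here
  issuerRef: {name: internal-ca, kind: ClusterIssuer}
  commonName: ingress-nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app
  namespace: app
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod            # public edge certificate
    nginx.ingress.kubernetes.io/auth-tls-secret: "app/client-ca" # client mTLS at the edge
    nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"        # HTTPS to the pods ...
    nginx.ingress.kubernetes.io/proxy-ssl-secret: "app/ingress-client"
    nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"           # ... and verify their certificate
    nginx.ingress.kubernetes.io/proxy-ssl-name: "app-svc.app.svc.cluster.local"
spec:
  ingressClassName: nginx
  tls:
  - hosts: [app.example.com]
    secretName: app-public-tls    # filled in by cert-manager via the annotation above
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service: {name: app-svc, port: {number: 8443}}
```

Without proxy-ssl-verify the hop to the pods is encrypted but NGINX accepts whatever certificate they present, so the "end-to-end" guarantee only holds with it set. `kubectl get certificate -n app` should show READY=True for both certificates once cert-manager has issued the secrets.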
2024 is 70.22% complete. Start the idea you’ve been holding.
Tool Of The Day
kuberhealthy - A Kubernetes operator for running synthetic checks as pods. Works great with Prometheus!