End-to-End Encryption on Amazon EKS with cert-manager


Good day. It's Friday, Sep. 13, and in this issue, we're covering:

  • End-to-End Encryption on Amazon EKS with cert-manager

  • GitLab warns of critical pipeline execution vulnerability

  • NGINX has moved away from Mercurial to GitHub

  • 18 AWS Lambda Microstacks

  • Understanding the Docker USER Instruction

  • Production Level CI/CD Pipeline Project

You share. We listen. As always, send us feedback at [email protected]

Great news

We partnered with Growth School to bring you this FREE offering.

FREE AI & ChatGPT Masterclass to automate 50% of your workflow

More than 300 Million people use AI across the globe, but just the top 1% know the right ones for the right use-cases.

Join this free masterclass on AI tools that will teach you the 25 most useful AI tools on the internet – that too for $0 (they have 100 free seats only!)

This masterclass will teach you how to:

  • Build business strategies & solve problems like a pro

  • Write content for emails, socials & more in minutes

  • Build AI assistants & custom bots in minutes

  • Research 10x faster, do more in less time & make your life easier

You’ll wish you knew about this FREE AI masterclass sooner 😉

Use Case

End-to-End Encryption on Amazon EKS with cert-manager

Organizations handling sensitive applications demand secure communications that ensure data privacy, even between internal services.

However, some of the valid challenges I see:

  • Managing certificates for each microservice is complex.

  • Kubernetes ingress with Network Load Balancer doesn't support client certificates.

  • Manual certificate rotation increases administrative effort.

  • Mutual TLS is not achievable with standard Kubernetes ingress.

Using NGINX Ingress Controller for ingress in Amazon EKS enables mutual TLS. Cert-manager with Let's Encrypt automates certificate provisioning and rotation, enhancing security and compliance for organizations with strict security guidelines.

Target Architecture:

Ref: AWS White Papers

  • A client sends a request to the application’s DNS name.

  • Route 53 resolves the DNS to a CNAME pointing to the Network Load Balancer.

  • The Network Load Balancer forwards the request over HTTPS to the NGINX Ingress Controller with a TLS listener.

  • The NGINX Ingress Controller routes the request based on the path to the Application Service.

  • The Application Service forwards the request to the appropriate Application Pod.

  • The Application Pods run with cert-manager certificates, and communication between NGINX Ingress and the pods uses HTTPS.

Note:

  • Cert-manager operates in its own namespace.

  • Cert-manager provisions certificates as secrets in specific namespaces.

  • These namespaces can be linked to application pods and NGINX Ingress Controller.

Remember, securing service-to-service communication with end-to-end encryption isn't just a best practice—it's essential for maintaining data integrity and trust in your microservices architecture.
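As an added example (not from the newsletter or the AWS whitepaper), the manifests below wire the architecture above together: an internal CA ClusterIssuer, a cert-manager Certificate that lands as a secret in the application namespace and is rotated automatically, and an Ingress that terminates the public Let's Encrypt certificate at NGINX and then speaks HTTPS to the pods, verifying their certificate against the internal CA (ingress-nginx does not verify backend certificates by default). All names (`internal-ca`, `internal-ca-key-pair`, `app`, `app-tls`, `letsencrypt-prod`, `app.example.com`) are assumed placeholders.

```yaml
# Added example; assumed names throughout. The CA key pair in secret
# "internal-ca-key-pair" (cert-manager namespace) is assumed to exist.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: internal-ca
spec:
  ca:
    secretName: internal-ca-key-pair
---
# Pod certificate, written to secret "app-tls" in namespace "app".
# cert-manager renews it 15 days before expiry: no manual rotation.
# Issued by a CA issuer, the secret also carries ca.crt alongside tls.crt/tls.key.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: app-tls
  namespace: app
spec:
  secretName: app-tls
  duration: 2160h      # 90 days
  renewBefore: 360h    # 15 days
  dnsNames:
    - app.app.svc.cluster.local   # name NGINX uses to reach the Service
  issuerRef:
    name: internal-ca
    kind: ClusterIssuer
---
# Edge: ACME certificate from cert-manager; backend: HTTPS to the pods with
# the pod certificate checked against ca.crt from the secret above.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app
  namespace: app
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod        # assumed ACME ClusterIssuer
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/proxy-ssl-secret: "app/app-tls"   # namespace/name, must hold ca.crt
    nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"
    nginx.ingress.kubernetes.io/proxy-ssl-name: "app.app.svc.cluster.local"
spec:
  ingressClassName: nginx
  tls:
    - hosts: [app.example.com]
      secretName: app-public-tls   # populated by cert-manager via the ACME issuer
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service: {name: app, port: {number: 443}}
```

Without `proxy-ssl-verify: "on"` the hop from NGINX to the pods is encrypted but not authenticated, so check `kubectl describe certificate app-tls -n app` shows `Ready=True` and that the Ingress events report no TLS errors after applying.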

2024 is 70.22% complete. Start the idea you’ve been holding.

Tool Of The Day

kuberhealthy - A Kubernetes operator for running synthetic checks as pods. Works great with Prometheus!

Trends & Updates

Resources & Tutorials

Picture Of The Day


Interested in reaching smart techies?

Our newsletter puts your products and services in front of the right people - engineering leaders and senior engineers - who make important tech decisions and big purchases.