
Kubernetes cert-manager

Chris Clark

How to set up Next.js with Kubernetes and cert-manager!

I’ve been experimenting with setting up my own development cluster for Kubernetes, prompted by the need to do a series of EKS upgrades due to deprecations and forced upgrades!

I need to learn a little more about the common Kubernetes tooling and play around with configuration without incurring the cost of spinning up an EKS cluster.

(If you do want to spin up an EKS cluster, I highly recommend using eksctl.) You can bring up an entire cluster with one line of code. This includes the control plane, an autoscaling group for nodes, a load balancer and DNS.

You can also destroy the entire stack with one line of code too. But that’s a post for another day!

Back to my lab setup! I’ve played around with many Kubernetes lab setups including multipass, k8s etc. For this guide I am using kind + Docker.

https://kind.sigs.k8s.io/

Kubernetes IN Docker

The setup of the cluster and ingress is based on this guide

https://www.youtube.com/watch?v=72zYxSxifpM


And I highly recommend you download the GitHub repos from there and have a go at creating your own cluster from the guide.

This will give you a working cluster with nginx-ingress. The cluster install with kind is again a one-liner (assuming you already have Docker Desktop set up … I am on a Mac, btw).

I wanted my lab setup to be accessible from the internet and secured with SSL/TLS.

cert-manager provides a set of tools to automate the request process for free Let's Encrypt certificates for resources in your cluster.

https://cert-manager.io/

My particular network setup from https://www.alncom.co.uk/ presented a few challenges with this … the public IP I have exposed to whatsmyip tools … is not the actual public IP.

The real public IP is one that Let's Encrypt thinks is non-routable … so the regular HTTP/HTTPS challenge/validation process does not work. I needed to switch the setup to use a DNS-01 challenge … which needs some setup to allow cert-manager to talk to the Cloudflare API … so you need to generate an API token in your Cloudflare account and configure your cert-manager installation to use it.
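The DNS-01 setup described above, sketched as cert-manager manifests. This is an added example, not the author's own configuration: the resource names, the `example.com` zone, the contact email and the token placeholder are all assumptions to replace with your own values.

```yaml
# Added example: Cloudflare API token stored as a Secret for cert-manager.
# A ClusterIssuer reads referenced Secrets from cert-manager's own namespace
# (assumed here to be the default, "cert-manager").
# Scope the token in Cloudflare to the minimum cert-manager needs:
#   Zone / DNS / Edit and Zone / Zone / Read, limited to the zone you use.
apiVersion: v1
kind: Secret
metadata:
  name: cloudflare-api-token        # hypothetical name
  namespace: cert-manager
type: Opaque
stringData:
  api-token: "<CLOUDFLARE_API_TOKEN>"   # placeholder, never commit the real value
---
# ClusterIssuer that answers ACME challenges by writing a TXT record through
# the Cloudflare API, so Let's Encrypt never has to reach the cluster's IP.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-dns01           # hypothetical name
spec:
  acme:
    # Staging endpoint: issues untrusted test certificates with relaxed rate
    # limits. Switch to https://acme-v02.api.letsencrypt.org/directory once
    # issuance works end to end.
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: admin@example.com        # placeholder contact address
    privateKeySecretRef:
      name: letsencrypt-dns01-account-key   # ACME account key, created by cert-manager
    solvers:
      - selector:
          dnsZones:
            - example.com           # placeholder: restrict this solver to your zone
        dns01:
          cloudflare:
            apiTokenSecretRef:
              name: cloudflare-api-token
              key: api-token
```

An Ingress can then request a certificate from this issuer with the annotation `cert-manager.io/cluster-issuer: letsencrypt-dns01`; `kubectl describe challenge` shows whether the TXT record was created and validated.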


