cert-manager
ingress-nginx
Our great sponsors
cert-manager | ingress-nginx | |
---|---|---|
99 | 200 | |
11,362 | 16,522 | |
2.2% | 1.6% | |
9.6 | 9.6 | |
about 4 hours ago | 5 days ago | |
Go | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cert-manager
-
Run WebAssembly on DigitalOcean Kubernetes with SpinKube - In 4 Easy Steps
# Install cert-manager CRDs kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.crds.yaml # Add Helm repositories jetstack and KWasm helm repo add jetstack https://charts.jetstack.io helm repo add kwasm http://kwasm.sh/kwasm-operator # Update Helm repositories helm repo update # Install cert-manager using Helm helm install \ cert-manager jetstack/cert-manager \ --namespace cert-manager \ --create-namespace \ --version v1.14.4 # Install KWasm operator helm install \ kwasm-operator kwasm/kwasm-operator \ --namespace kwasm \ --create-namespace \ --set kwasmOperator.installerImage=ghcr.io/spinkube/containerd-shim-spin/node-installer:v0.13.1
On top of its core components, SpinKube depends on cert-manager. cert-Manager is responsible for provisioning and managing TLS certificates that are used by the admission webhook system of the Spin Operator. Letโs install cert-manager and KWasm using the commands shown here:
-
An opinionated template for deploying a single k3s cluster with Ansible backed by Flux, SOPS, GitHub Actions, Renovate, Cilium, Cloudflare and more!
SSL certificates thanks to Cloudflare and cert-manager
-
Deploy Rancher on AWS EKS using Terraform & Helm Charts
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/${CERT_MANAGER_VERSION}/cert-manager.crds.yaml
-
Task vs Make - Final Thoughts
install-cert-manager: desc: Install cert-manager deps: - init-cluster cmds: - kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/{{.CERT_MANAGER_VERSION}}/cert-manager.yaml - echo "Waiting for cert-manager to be ready" && sleep 25 status: - kubectl -n cert-manager get pods | grep Running | wc -l | grep -q 3
-
Easy HTTPS for your private networks
I've been pretty frustrated with how private CAs are supported. Your private root CA can be maliciously used to MITM every domain on the Internet, even though you intend to use it for only a couple domain names. Most people forget to set Name Constraints when they create these and many helper tools lack support [1][2]. Worse, browser support for Name Constraints has been slow [3] and support isn't well tracked [4]. Public CAs give you certificate transparency and you can subscribe to events to detect mis-issuance. Some hosted private CAs like AWS's offer logs [5], but DIY setups don't.
Even still, there are a lot of folks happily using private CAs, they aren't the target audience for this initial release.
[1] https://github.com/FiloSottile/mkcert/issues/302
[2] https://github.com/cert-manager/cert-manager/issues/3655
[3] https://alexsci.com/blog/name-non-constraint/
[4] https://github.com/Netflix/bettertls/issues/19
[5] https://docs.aws.amazon.com/privateca/latest/userguide/secur...
-
โธ๏ธ Managed Kubernetes : Our dev is on AWS, our prod is on OVH
the Cert Manager
- Renewing tls certificate on a sops secret deployment.
-
cert-manager on k3s on arm with lets encrypt
``` curl -sL \ https://github.com/cert-manager/cert-manager/releases/download/v1.12.1/cert-manager.yaml |\ sed -r 's/(image:.):(v.)$/\1-arm:\2/g' > cert-manager-arm.yaml
-
๐๐๐ฏ From Localhost to Cloud โ๏ธ: Next.js, Django, SSL ๐, GitHub Actions ๐, DNS| Ultimate Website Deployment Tutorial๐๐ฅโจ
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx helm upgrade --install ingress-nginx-chart ingress-nginx/ingress-nginx --set controller.service.loadBalancerIP=31.91.11.253 --set controller.service.externalTrafficPolicy=Local helm repo add jetstack https://charts.jetstack.io helm repo update kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.crds.yaml helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.8.0
ingress-nginx
-
[06/52] Accessible Kubernetes with Terraform and DigitalOcean
resource "helm_release" "icrelease" { name = "nginx-ingress" repository = "https://kubernetes.github.io/ingress-nginx" chart = "ingress-nginx" version = "4.9.1" namespace = kubernetes_namespace.icnamespace.metadata[0].name set { name = "controller.ingressClassResource.default" value = "true" } }
-
Deploy Ghost with MySQL DB replication using helm chart
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx helm repo update helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx --namespace ingress-nginx --create-namespace -f custom/ghost/nginx.yaml
-
Kubernetes Gateway API v1.0: Should You Switch?
For example, if you chose Nginx Ingress, you will use some of its dozens of annotations that are not portable if you decide to switch to another Ingress implementation like Apache APISIX.
-
Deploy Rancher on AWS EKS using Terraform & Helm Charts
helm repo add jetstack https://charts.jetstack.io helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx helm repo add rancher-latest https://releases.rancher.com/server-charts/latest helm repo update helm repo list
-
โธ๏ธ Kubernetes NGINX Ingress Controller: 10+ Complementary Configurations for Web Applications
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: # sticky session, from documentation: https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/ nginx.ingress.kubernetes.io/affinity: "cookie" nginx.ingress.kubernetes.io/affinity-mode: "persistent" # change to "balanced" (default) to redistribute some sessions when scaling pods nginx.ingress.kubernetes.io/session-cookie-name: "name-distinguishing-services" nginx.ingress.kubernetes.io/session-cookie-max-age: "172800" # in seconds, equivalent to 48h [...]
Everything in the YAML snippets below โ except for ingress configuration โ relates to configuring the NGINX ingress controller. This includes customizing the default configuration.
-
Implementing TLS in Kubernetes
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx helm repo update helm install ingress-nginx ingress-nginx/ingress-nginx -f ingress-values.yaml
-
Apollo Backend just made public, "The goal of making the code for this repo available is to show that despite statements otherwise by Reddit...
Kubernetes alone is enough of an example. So are various cloud utilities used all around the world, such as ingress-nginx, cert-manager, traefik, Docker and countless others. Go is what smart modern web developers actually want to use to create great products. Everything else is what industry dinosaurs force them to use to make a living at big companies peddling trash.
-
Ingress controller for vanilla k8s
This: https://kubernetes.github.io/ingress-nginx/ Not this: https://docs.nginx.com/nginx-ingress-controller/
-
Unleash Your Pipeline Creativity: Local Development with Argo Workflows and MinIO on Minikube
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
What are some alternatives?
traefik - The Cloud Native Application Proxy
emissary - open source Kubernetes-native API gateway for microservices built on the Envoy Proxy
metallb - A network load-balancer implementation for Kubernetes using standard routing protocols
cilium-cli - CLI to install, manage & troubleshoot Kubernetes clusters running Cilium
haproxy-ingress - HAProxy Ingress
application-gateway-kubernetes-ingress - This is an ingress controller that can be run on Azure Kubernetes Service (AKS) to allow an Azure Application Gateway to act as the ingress for an AKS cluster.
external-dns - Configure external DNS servers (AWS Route53, Google CloudDNS and others) for Kubernetes Ingresses and Services
oauth2-proxy - A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
apisix-ingress-controller - APISIX Ingress Controller for Kubernetes
aws-load-balancer-controller - A Kubernetes controller for Elastic Load Balancers
k8s-helm-helmfile - Project which compares 3 approaches to deploy apps on Kubernetes cluster (using kubectl, helm & helmfile)