tls-apisix
cert-manager
tls-apisix | cert-manager | |
---|---|---|
1 | 96 | |
1 | 10,937 | |
- | 0.8% | |
10.0 | 9.2 | |
9 months ago | about 23 hours ago | |
Go | ||
- | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
tls-apisix
-
mTLS everywhere!
I've omitted the Service definition for brevity's sake, but you can check them in the associated .
cert-manager
-
An opinionated template for deploying a single k3s cluster with Ansible backed by Flux, SOPS, GitHub Actions, Renovate, Cilium, Cloudflare and more!
SSL certificates thanks to Cloudflare and cert-manager
-
Deploy Rancher on AWS EKS using Terraform & Helm Charts
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/${CERT_MANAGER_VERSION}/cert-manager.crds.yaml
-
Task vs Make - Final Thoughts
```
install-cert-manager:
  desc: Install cert-manager
  deps:
    - init-cluster
  cmds:
    - kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/{{.CERT_MANAGER_VERSION}}/cert-manager.yaml
    - echo "Waiting for cert-manager to be ready" && sleep 25
  status:
    - kubectl -n cert-manager get pods | grep Running | wc -l | grep -q 3
```
-
Easy HTTPS for your private networks
I've been pretty frustrated with how private CAs are supported. Your private root CA can be maliciously used to MITM every domain on the Internet, even though you intend to use it for only a couple domain names. Most people forget to set Name Constraints when they create these and many helper tools lack support [1][2]. Worse, browser support for Name Constraints has been slow [3] and support isn't well tracked [4]. Public CAs give you certificate transparency and you can subscribe to events to detect mis-issuance. Some hosted private CAs like AWS's offer logs [5], but DIY setups don't.
Even still, there are a lot of folks happily using private CAs; they aren't the target audience for this initial release.
[1] https://github.com/FiloSottile/mkcert/issues/302
[2] https://github.com/cert-manager/cert-manager/issues/3655
[3] https://alexsci.com/blog/name-non-constraint/
[4] https://github.com/Netflix/bettertls/issues/19
[5] https://docs.aws.amazon.com/privateca/latest/userguide/secur...
-
☸️ Managed Kubernetes : Our dev is on AWS, our prod is on OVH
the Cert Manager
- Renewing tls certificate on a sops secret deployment.
-
cert-manager on k3s on arm with lets encrypt
```
# Rewrite each image reference to its -arm variant, keeping the version tag
curl -sL \
  https://github.com/cert-manager/cert-manager/releases/download/v1.12.1/cert-manager.yaml |\
  sed -r 's/(image:.*):(v.*)$/\1-arm:\2/g' > cert-manager-arm.yaml
```
-
From Localhost to Cloud: Next.js, Django, SSL, GitHub Actions, DNS | Ultimate Website Deployment Tutorial
```
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm upgrade --install ingress-nginx-chart ingress-nginx/ingress-nginx --set controller.service.loadBalancerIP=31.91.11.253 --set controller.service.externalTrafficPolicy=Local
helm repo add jetstack https://charts.jetstack.io
helm repo update
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.crds.yaml
helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.8.0
```
-
How do you guys monitor K8s core services new versions
/feed subscribe https://github.com/cert-manager/cert-manager/releases.atom
-
Best method of setting up TLS on AKS
We use cert-manager, which works quite well.
What are some alternatives?
aws-load-balancer-controller - A Kubernetes controller for Elastic Load Balancers
metallb - A network load-balancer implementation for Kubernetes using standard routing protocols
Portainer - Making Docker and Kubernetes management easy.
awx-operator - An Ansible AWX operator for Kubernetes built with Operator SDK and Ansible.
k3s - Lightweight Kubernetes
oauth2-proxy - A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
external-dns - Configure external DNS servers (AWS Route53, Google CloudDNS and others) for Kubernetes Ingresses and Services
lens - Lens - The way the world runs Kubernetes
rbac-manager - A Kubernetes operator that simplifies the management of Role Bindings and Service Accounts.
Caddy - Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
kubevirt - Kubernetes Virtualization API and runtime in order to define and manage virtual machines.
k3s-pihole-wireguard - How to deploy pihole and wireguard on kubernetes using a recursive dns