Securing Your Azure Kubernetes Service (AKS) with Let's Encrypt: A Step-by-Step Guide

Step 1: Create the AKS cluster

Create a Kubernetes cluster in Azure Kubernetes Service.

Step 2:

Authenticate to the AKS cluster from your local PC.

Here, resource group = aifarm1

cluster name = aifarmcluster1

az aks get-credentials --resource-group aifarm1 --name aifarmcluster1

Step 3:

First install Helm on your local PC:

brew install helm

Step 4:

Install the Ingress-Nginx controller (see https://kubernetes.github.io/ingress-nginx/deploy/#quick-start):

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx && \
helm repo update && \
helm install ingress-nginx ingress-nginx/ingress-nginx

Check the ingress controller service:

kubectl get services ingress-nginx-controller

Step 5 (depends on your application):

Create your application's Deployment and Service.

application_nginx.yaml, a sample application (nginx):

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-app
  namespace: default 
spec:
  replicas: 1  # You can adjust the number of replicas as needed.
  selector:
    matchLabels:
      app: nginx-app 
  template:
    metadata:
      labels:
        app: nginx-app 
    spec:
      containers:
      - name: nginx
        image: nginx:latest  # You can use a specific version if needed.
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-app 
  namespace: default
spec:
  selector:
    app: nginx-app
  ports:
  - name : http 
    port: 80
    targetPort: 80

Deploy this YAML config:

kubectl apply -f application_nginx.yaml

Step 6:

Create the NGINX Ingress resource on Kubernetes to expose the application.

ingress.yaml, a simple Ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress 
  namespace: default 
  annotations:
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  ingressClassName: nginx  
  rules:
    - http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: nginx-app
              port:
                number: 80

Step 7:

Deploy this Ingress and check that everything is running properly:

kubectl apply -f ingress.yaml
kubectl get pods 
kubectl get deploy
kubectl get svc
kubectl get ingress

The website should now be accessible from the browser; kubectl get ingress shows its address in the terminal.

Now we will add Let's Encrypt to this Kubernetes cluster.

Step 8:

First we have to install cert-manager. You can read more at https://cert-manager.io/docs/installation/

Install cert-manager in the cluster:

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.yaml

Step 9:

Now we have to create a certificate issuer for this cluster.

clusterIssuer.yaml

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod  # ClusterIssuer is cluster-scoped, so no namespace is set
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: skshahra@gmail.com
    privateKeySecretRef:
      name: letsencrypt-prod 
    solvers:
    - http01:
        ingress:
          class: nginx

Apply the issuer:

kubectl apply -f clusterIssuer.yaml

Step 10:

Create a Certificate for the domain.

certificate.yaml

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: aifarming.tech 
  namespace: default
spec:
  secretName: aifarming.tech-tls
  dnsNames:
  - aifarming.tech 
  - www.aifarming.tech 
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  commonName: www.aifarming.tech

Apply the Certificate and check that it was issued:

kubectl apply -f certificate.yaml
kubectl get certificates aifarming.tech
kubectl get secrets aifarming.tech-tls
kubectl get ingress

Now you can access your website over HTTPS. For this configuration we are using www.aifarming.tech.
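
The Ingress from step 6 has no host rules and no tls section, so the ingress controller has nothing that tells it to load the aifarming.tech-tls secret from step 10. The manifest below is an added example, not part of the original guide, showing that Ingress bound to the secret; it assumes both DNS names already resolve to the ingress controller's public IP and that the step 10 Certificate is ready.

```yaml
# ingress.yaml with TLS enabled (added example, not from the original guide).
# Assumption: aifarming.tech and www.aifarming.tech point at the
# ingress-nginx-controller external IP, and the Certificate from step 10
# shows READY=True in `kubectl get certificates`.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: default          # must be the namespace that holds the TLS secret
  # The cert-manager.io/cluster-issuer annotation is left off on purpose:
  # once a tls block is present, cert-manager's ingress-shim would create a
  # second Certificate for the same secret that step 10 already manages.
spec:
  ingressClassName: nginx
  tls:
  - hosts:                    # names the controller terminates TLS for
    - aifarming.tech
    - www.aifarming.tech
    secretName: aifarming.tech-tls   # written by the step 10 Certificate
  rules:
  - host: aifarming.tech
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-app
            port:
              number: 80
  - host: www.aifarming.tech
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-app
            port:
              number: 80
```

After applying this manifest, the certificate presented for either host name should list Let's Encrypt as its issuer, not the ingress controller's self-signed default.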