cert-manager is a certificate management toolkit for Kubernetes, commonly used to get TLS certificates from Let’s Encrypt. Project founder James Munnelly of Jetstack joins hosts Craig and Adam to explain how how certificates are issued and managed, and how cert-manager automates it all.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: [email protected]
• twitter: @kubernetespod

Chatter of the week

• Fast food-themed entertainment:
  • Wendy’s Feast of Legends role-playing game
  • KFC dating simulator
  • Burger King Games
  • M.C. Kids
  • Taco Bell’s Tasty Temple Challenge
  • The McDonalds board game
• KFC virtual escape room training
• Soda-themed entertainment:
  • Cool Spot
  • Pepsi Invaders
  • Mad Mix: The Pepsi Challenge
• Stranger Things 3: The Game

News of the week

• Rancher 2.3 released
  • Episode 57, with Darren Shepherd
  • Windows container support and Rancher 2.3
• Amazon EKS now has Windows containers generally available
• Episode 70, with Patrick Lang
• New on DigitalOcean Kubernetes Service: cluster autoscaling
• Elastic Cloud on Kubernetes v1.0.0-beta1 released
• MuleSoft releases AnyPoint Service Mesh
  • Container Journal interview
• Linkerd 2.6
  • A guide to distributed tracing with Linkerd
• Trackman, open source step-workflow tool from Cloud 66
• Puppet announces public beta of Project Nebula
• KubeCon NA 2019 contributor summit schedule announced
• Kubernetes patterns for capacity planning by Mohamed Ahmed
• How Booz Allen Hamilton is helping modernize the Federal Government with Kubernetes
• Flant.com compares 11 ingress controllers for Kubernetes
• How Zalando manages over 140 Kubernetes clusters by Henning Jacobs
• Cluster API Simplifies Execution and Powers Projet Pacific at VMware
• Grant Shipley moves from Red Hat/IBM to VMware
  • Kubernetes Wild West video game
• SUSE moves on from OpenStack and doubles down on Kubernetes
• SAP to make HANA database available on Kubernetes

Links from the interview

• Jetstack
  • The two Matts: founders Matt Bates and Matt Barker
  • James’s Jetstack bio
• cert-manager
  • Docs
  • Co-evolved with kube-lego by Christian Simon
• How TLS encryption works:
  • x509 for public key certificates
  • Chains of trust
  • Certificate authorities and root certificates
• Episode 60, with Mark Shuttleworth, founder of Thawte
• LetsEncrypt
  • How it works
  • ACME protocol
  • HTTP-01 and DNS-01 validation
• cert-manager concepts:
  • Issuers and Certificates
  • Self-signing issuers
• Kubernetes and webhooks:
  • Validating webhooks require TLS
  • Kubebuilder supports cert-manager
  • Chicken-and-egg problem for validating webhooks
  • Conversion webhooks
  • Mirror/static pods
• Kubernetes ingress quick-start tutorial
  • Different solver types
  • The ingress-shim controller
• Other issuer options:
  • Vault, internal CA, CertificateRequests
• Lets Encrypt is blocking old cert-manager versions
  • Edge cases where retry looping would start
• v0.11 release notes
• Upgrading to v0.11
• Getting involved:
  • cert-manager and cert-manager-dev Slack channel
  • Bi-weekly community call
  • cert-manager on GitHub
• James Munnelly on Twitter