Published in Trendyol Tech

Manage Kubernetes Admission Webhook's certificates with cert-manager CA Injector and Vault PKI📝 🔐⛵️

Kubernetes Admission Controllers ⛵️

https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/

cert-manager and CA Injector 📝

Vault PKI (Public Key Infrastructure) 🔐

Installation 💻

Once you deploy Vault with dev mode enabled, your root password will be “root.” We’ll use the commands provided in the official Vault documentation; the commands and their details are available on this page.

https://gist.github.com/developer-guy/0b128945dbc14f6bdd6009d6f648d4f3
https://gist.github.com/developer-guy/d5cfd97f781b3a1f0812544a4ee99560
https://gist.github.com/developer-guy/d544ae1f299c74cc1baa738c0a853719
https://gist.github.com/developer-guy/ad2093fc5b78e5fdbf399a03ea8062df
https://gist.github.com/developer-guy/829035a6df9b22c97e401dbdccc0328b

Do not forget to add config-admission-webhook-tls as a volume.

Do not forget to leave the caBundle property of the webhook configuration empty, so that cert-manager's CA Injector can populate it.

How to monitor certificates? 👀

https://enix.io/en/blog/avoiding-certificate-expiration-kubernetes-infrastructure

How to accomplish hot-reloading your HTTP server with renewed certificates without having downtime? ✨

https://gist.github.com/developer-guy/de82fb8e97557ec711ae2dd79ac1d029

🎯 Conclusion

Trendyol Tech Team

developer-guy
