cert-manager, with James Munnelly

Kubernetes Podcast from Google

Date: Tue, 15 Oct 2019 17:22:06 +0000

<p><a href="https://github.com/jetstack/cert-manager">cert-manager</a> is a certificate management toolkit for Kubernetes, commonly used to get TLS certificates from <a href="https://letsencrypt.org/">Let’s Encrypt</a>. Project founder <a href="https://twitter.com/jamesmunnelly">James Munnelly</a> of <a href="https://www.jetstack.io/">Jetstack</a> joins hosts <a href="https://kubernetespodcast.com/about">Craig and Adam</a> to explain how certificates are issued and managed, and how cert-manager automates it all.</p> <p>Do you have something cool to share? Some questions? Let us know:</p> <ul> <li>web: <a href="https://kubernetespodcast.com">kubernetespodcast.com</a></li> <li>mail: <a href="mailto:kubernetespodcast@google.com">kubernetespodcast@google.com</a></li> <li>twitter: <a href="https://twitter.com/kubernetespod">@kubernetespod</a></li> </ul> <h3 id="chatter-of-the-week">Chatter of the week</h3> <ul> <li>Fast food-themed entertainment: <ul> <li><a href="https://www.feastoflegends.com/">Wendy’s Feast of Legends</a> role-playing game</li> <li><a href="https://youtu.be/cNQxsTKpFtw">KFC dating simulator</a></li> <li><a href="https://en.wikipedia.org/wiki/King_Games">Burger King Games</a></li> <li><a href="https://en.wikipedia.org/wiki/M.C._Kids">M.C.
Kids</a></li> <li><a href="https://classicreload.com/taco-bell-tasty-temple-challenge.html">Taco Bell’s Tasty Temple Challenge</a></li> <li><a href="https://boardgamegeek.com/boardgame/15214/mcdonalds-game">The McDonalds board game</a></li> </ul> </li> <li><a href="https://www.eater.com/2017/8/23/16192508/kfc-virtual-reality-training-oculus-rift"> KFC virtual escape room training</a></li> <li>Soda-themed entertainment: <ul> <li><a href="https://en.wikipedia.org/wiki/Cool_Spot">Cool Spot</a></li> <li><a href="https://en.wikipedia.org/wiki/Pepsi_Invaders">Pepsi Invaders</a></li> <li><a href="https://www.plinq.co/advergames-by-year#mad_mix_game%3A_the_pepsi_challenge"> Mad Mix: The Pepsi Challenge</a></li> </ul> </li> <li><a href="https://www.polygon.com/2019/3/21/18272825/stranger-things-3-the-game-release-date"> Stranger Things 3: The Game</a></li> </ul> <h3 id="news-of-the-week">News of the week</h3> <ul> <li><a href="https://rancher.com/blog/2019/rancher-2_3-ga-announcement/">Rancher 2.3 released</a> <ul> <li><a href="https://kubernetespodcast.com/episode/057-rancher-labs/">Episode 57, with Darren Shepherd</a></li> <li><a href="https://rancher.com/blog/2019/rancher-2_3-ga-announcement/">Windows container support and Rancher 2.3</a></li> </ul> </li> <li><a href="https://aws.amazon.com/blogs/aws/amazon-eks-windows-container-support-now-generally-available/"> Amazon EKS now has Windows containers generally available</a></li> <li><a href="https://kubernetespodcast.com/episode/070-windows-server-containers/"> Episode 70, with Patrick Lang</a></li> <li><a href="https://blog.digitalocean.com/new-on-digitalocean-kubernetes/">New on DigitalOcean Kubernetes Service</a>: cluster autoscaling</li> <li><a href="https://www.elastic.co/blog/elastic-cloud-on-kubernetes-1-0-0-beta1-released"> Elastic Cloud on Kubernetes v1.0.0-beta1 released</a></li> <li><a href="https://www.mulesoft.com/press-center/october-2019-release-anypoint-service-mesh"> MuleSoft releases AnyPoint Service 
Mesh</a> <ul> <li><a href="https://containerjournal.com/topics/container-management/mulesoft-embraces-istio-to-manage-microservices/"> Container Journal interview</a></li> </ul> </li> <li><a href="https://linkerd.io/2019/10/10/announcing-linkerd-2.6/">Linkerd 2.6</a> <ul> <li><a href="https://linkerd.io/2019/10/07/a-guide-to-distributed-tracing-with-linkerd/"> A guide to distributed tracing with Linkerd</a></li> </ul> </li> <li><a href="https://blog.cloud66.com/introducing-trackman-execute-commands-as-a-workflow/"> Trackman</a>, open source step-workflow tool from Cloud 66</li> <li><a href="https://puppet.com/blog/announcing-public-beta-project-nebula">Puppet announces public beta of Project Nebula</a></li> <li><a href="https://kubernetes.io/blog/2019/10/10/contributor-summit-san-diego-schedule/"> KubeCon NA 2019 contributor summit schedule announced</a></li> <li><a href="https://www.cncf.io/blog/2019/10/08/kubernetes-patterns-capacity-planning/"> Kubernetes patterns for capacity planning</a> by Mohamed Ahmed</li> <li><a href="https://www.cncf.io/blog/2019/10/11/how-booz-allen-hamilton-is-helping-modernize-the-federal-government-with-kubernetes/"> How Booz Allen Hamilton is helping modernize the Federal Government with Kubernetes</a></li> <li><a href="https://medium.com/flant-com/comparing-ingress-controllers-for-kubernetes-9b397483b46b"> Flant.com compares 11 ingress controllers for Kubernetes</a></li> <li><a href="https://srcco.de/posts/how-zalando-manages-140-kubernetes-clusters.html"> How Zalando manages over 140 Kubernetes clusters</a> by Henning Jacobs</li> <li>Cluster API <a href="https://blogs.vmware.com/cloudnative/2019/10/09/5396/">Simplifies Execution</a> and <a href="https://blogs.vmware.com/cloudnative/2019/10/08/pattern-recognition-how-cluster-api-reveals-the-core-of-kubernetes/"> Powers Project Pacific</a> at VMware</li> <li><a href="https://www.crn.com/news/red-hat-kubernetes-kingpin-grant-shipley-jumps-ship-to-vmware?itc=refresh"> Grant Shipley
moves from Red Hat/IBM to VMware</a> <ul> <li><a href="https://github.com/gshipley/Wild-West-Frontend">Kubernetes Wild West</a> video game</li> </ul> </li> <li><a href="https://www.suse.com/c/suse-doubles-down-on-application-delivery-to-meet-customer-needs/"> SUSE moves on from OpenStack and doubles down on Kubernetes</a></li> <li><a href="https://containerjournal.com/topics/container-ecosystems/sap-to-make-hana-database-available-on-kubernetes/"> SAP to make HANA database available on Kubernetes</a></li> </ul> <h3 id="links-from-the-interview">Links from the interview</h3> <ul> <li><a href="https://www.jetstack.io/">Jetstack</a> <ul> <li>The two Matts: founders <a href="https://www.jetstack.io/about/mattbates/">Matt Bates</a> and <a href="https://www.jetstack.io/about/mattbarker/">Matt Barker</a></li> <li><a href="https://www.jetstack.io/about/jamesmunnelly/">James’s Jetstack bio</a></li> </ul> </li> <li><a href="https://github.com/jetstack/cert-manager">cert-manager</a> <ul> <li><a href="https://docs.cert-manager.io/en/latest/">Docs</a></li> <li>Co-evolved with <a href="https://github.com/jetstack/kube-lego">kube-lego</a> by <a href="https://www.jetstack.io/about/christiansimon/">Christian Simon</a></li> </ul> </li> <li>How TLS encryption works: <ul> <li><a href="https://en.wikipedia.org/wiki/X.509">x509</a> for <a href="https://en.wikipedia.org/wiki/Public_key_certificate">public key certificates</a></li> <li><a href="https://www.thesslstore.com/knowledgebase/ssl-support/explaining-the-chain-of-trust/"> Chains of trust</a></li> <li><a href="https://en.wikipedia.org/wiki/Certificate_authority">Certificate authorities</a> and <a href="https://en.wikipedia.org/wiki/Root_certificate">root certificates</a></li> </ul> </li> <li><a href="https://kubernetespodcast.com/episode/060-ubuntu/">Episode 60, with Mark Shuttleworth</a>, founder of Thawte</li> <li><a href="https://en.wikipedia.org/wiki/Let's_Encrypt">LetsEncrypt</a> <ul> <li><a 
href="https://letsencrypt.org/how-it-works/">How it works</a></li> <li><a href="https://github.com/ietf-wg-acme/acme">ACME protocol</a></li> <li><a href="https://letsencrypt.org/docs/challenge-types/">HTTP-01 and DNS-01 validation</a></li> </ul> </li> <li>cert-manager concepts: <ul> <li><a href="https://docs.cert-manager.io/en/latest/reference/issuers.html">Issuers</a> and <a href="https://docs.cert-manager.io/en/latest/reference/certificates.html"> Certificates</a></li> <li><a href="https://docs.cert-manager.io/en/latest/tasks/issuers/setup-selfsigned.html"> Self-signing issuers</a></li> </ul> </li> <li>Kubernetes and webhooks: <ul> <li><a href="https://kubernetes.io/blog/2019/03/21/a-guide-to-kubernetes-admission-controllers/"> Validating webhooks require TLS</a></li> <li><a href="https://github.com/kubernetes-sigs/kubebuilder/blob/master/docs/book/src/cronjob-tutorial/cert-manager.md"> Kubebuilder supports cert-manager</a></li> <li><a href="https://docs.cert-manager.io/en/latest/getting-started/webhook.html"> Chicken-and-egg problem for validating webhooks</a></li> <li><a href="https://github.com/kubernetes/enhancements/blob/master/keps/sig-api-machinery/20190425-crd-conversion-webhook.md"> Conversion webhooks</a></li> <li><a href="https://kubernetes.io/docs/tasks/configure-pod-container/static-pod/"> Mirror/static pods</a></li> </ul> </li> <li><a href="https://docs.cert-manager.io/en/latest/tutorials/acme/quick-start/"> Kubernetes ingress quick-start tutorial</a> <ul> <li><a href="https://docs.cert-manager.io/en/latest/tasks/issuers/setup-acme/index.html#adding-multiple-solver-types"> Different solver types</a></li> <li><a href="https://docs.cert-manager.io/en/latest/tasks/issuing-certificates/ingress-shim.html"> The ingress-shim controller</a></li> </ul> </li> <li>Other issuer options: <ul> <li><a href="https://docs.cert-manager.io/en/latest/tasks/issuers/setup-vault.html"> Vault</a>, <a 
href="https://docs.cert-manager.io/en/latest/tasks/issuers/setup-ca.html"> internal CA</a>, <a href="https://docs.cert-manager.io/en/latest/reference/certificaterequests.html"> CertificateRequests</a></li> </ul> </li> <li><a href="https://community.letsencrypt.org/t/blocking-old-cert-manager-versions/98753"> Lets Encrypt is blocking old cert-manager versions</a> <ul> <li><a href="https://github.com/jetstack/cert-manager/issues/1948">Edge cases where retry looping would start</a></li> </ul> </li> <li><a href="https://github.com/jetstack/cert-manager/releases/tag/v0.11.0">v0.11 release notes</a></li> <li><a href="https://docs.cert-manager.io/en/release-0.11/tasks/upgrading/upgrading-0.10-0.11.html"> Upgrading to v0.11</a></li> <li>Getting involved: <ul> <li><a href="https://kubernetes.slack.com/messages/cert-manager">cert-manager</a> and <a href="https://kubernetes.slack.com/messages/cert-manager-dev">cert-manager-dev Slack channel</a></li> <li><a href="https://github.com/jetstack/cert-manager#community">Bi-weekly community call</a></li> <li><a href="https://github.com/jetstack/cert-manager">cert-manager on GitHub</a></li> </ul> </li> <li><a href="https://twitter.com/jamesmunnelly">James Munnelly</a> on Twitter</li> </ul>