{"id":11920,"date":"2022-09-27T12:20:54","date_gmt":"2022-09-27T06:50:54","guid":{"rendered":"https:\/\/opstree.com\/blog\/\/?p=11920"},"modified":"2022-09-27T12:24:21","modified_gmt":"2022-09-27T06:54:21","slug":"securing-k8s-traffic-with-cert-manager-amp-lets-encrypt","status":"publish","type":"post","link":"https:\/\/opstree.com\/blog\/2022\/09\/27\/securing-k8s-traffic-with-cert-manager-amp-lets-encrypt\/","title":{"rendered":"Securing Kubernetes Traffic with Cert-Manager &amp; Lets\u00a0Encrypt\u00a0"},"content":{"rendered":"<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><a href=\"https:\/\/ikarus.sg\/content\/images\/2021\/09\/certmanager.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/opstree.com\/blog\/\/wp-content\/uploads\/2022\/09\/ac646-1_3sxo7oarjcgj1diulhlda.png\" alt=\"\" width=\"461\" height=\"227\" \/><\/a><\/figure><\/div>\n\n\n<h4 class=\"wp-block-heading\"><strong>Why do we need to use cert-manager?<\/strong><\/h4>\n\n\n\n<p>Cert-Manager simplifies the process of creating &amp; renewing certificates. It keeps your certificate valid and up to date by renewing it automatically in your Kubernetes cluster, so that your domain certificate never expires.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What is Cert-Manager?<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><a href=\"https:\/\/ikarus.sg\/content\/images\/2021\/09\/certmanager.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/opstree.com\/blog\/\/wp-content\/uploads\/2022\/09\/6214e-1mswnprmdxpgrni66s4qgdq.png\" alt=\"\" width=\"237\" height=\"228\" \/><\/a><\/figure><\/div>\n\n\n<p>Cert-Manager is a Kubernetes native certificate management controller consisting of a set of CustomResourceDefinitions. 
When we add cert-manager to our Kubernetes cluster, it adds <strong>certificate<\/strong> &amp; <strong>certificate<\/strong> <strong>issuers<\/strong> as custom resource types in the cluster, which help in adding or renewing certificates. It also ensures that your certificate is valid and up to date. Cert-manager can issue certificates from a variety of sources such as Let\u2019s Encrypt, Vault, SelfSigned, and Venafi.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>How is cert-manager related to HTTP &amp; HTTPS<\/strong>?<\/h3>\n\n\n\n<p>Cert-manager helps in assigning the certificate from a certificate Issuer to our domain. That certificate is then used by the HTTPS protocol, where &#8220;S&#8221; stands for secure. The HTTP protocol was developed in the early 1990s and was initiated by <a rel=\"noreferrer noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/Tim_Berners-Lee\" target=\"_blank\">Tim Berners-Lee<\/a>. HTTP gives users a way to interact with web resources such as HTML files by transmitting hypertext messages between clients and servers. However, it does not provide any level of security when exchanging information between client and server. It is therefore more exposed to attackers, as it sends data as plain text.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><a href=\"https:\/\/seopressor.com\/wp-content\/uploads\/2017\/07\/Difference-Between-HTTP-and-HTTPS.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/opstree.com\/blog\/\/wp-content\/uploads\/2022\/09\/d584e-1zogqbaregcrhc_ijhisrmw.png\" alt=\"\" width=\"295\" height=\"238\" \/><\/a><\/figure><\/div>\n\n\n<!--more-->\n\n\n\n<p>That is when HTTPS comes to the rescue. HTTPS uses the SSL\/TLS protocol to encrypt communication between client and server so that attackers can\u2019t steal the data. 
It also confirms that a website server is who it says it is, preventing impersonation.<\/p>\n\n\n\n<p>Now it is time to walk you through the configuration steps that are required to automatically enable TLS on your public Kubernetes services.<\/p>\n\n\n\n<h4 class=\"has-text-align-left wp-block-heading\"><strong>Prerequisites:<\/strong><\/h4>\n\n\n\n<p class=\"has-text-align-left\">To follow the steps in this article, you will need the following setup:<\/p>\n\n\n\n<ul>\n<li>A Kubernetes cluster up &amp; running with version 1.20+.<\/li>\n\n\n\n<li>The kubectl CLI installed and configured to talk to your Kubernetes cluster.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Install Helm&nbsp;<\/strong><\/h4>\n\n\n\n<p>Helm is an official Kubernetes native package manager. It allows you to install applications on your Kubernetes cluster in a similar manner to yum\/apt on Linux distributions. If you are using Debian\/Ubuntu, run the following commands to install Helm:<\/p>\n\n\n\n<pre class=\"wp-block-verse has-white-color has-dark-gray-background-color has-text-color has-background\">curl https:\/\/baltocdn.com\/helm\/signing.asc | gpg --dearmor | sudo tee \/usr\/share\/keyrings\/helm.gpg &gt; \/dev\/null\nsudo apt-get install apt-transport-https --yes\necho \"deb [arch=$(dpkg --print-architecture) signed-by=\/usr\/share\/keyrings\/helm.gpg] https:\/\/baltocdn.com\/helm\/stable\/debian\/ all main\" | sudo tee \/etc\/apt\/sources.list.d\/helm-stable-debian.list\nsudo apt-get update\nsudo apt-get install helm<\/pre>\n\n\n\n<p>If you are using a different OS, you can install it by following the Helm&nbsp;<br><a rel=\"noreferrer noopener\" href=\"https:\/\/helm.sh\/docs\/intro\/install\/\" target=\"_blank\">documentation<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What is Kong Ingress Controller?<\/h3>\n\n\n\n<p>In the Kubernetes world, an Ingress is an object that manages external access to services within a cluster. 
The Kong Ingress Controller is likewise used to manage the external traffic coming from the outside world into your Kubernetes cluster. It is also used for health checks &amp; load balancing the traffic between the pods. The Kong Ingress Controller is available as open source as well as in a paid enterprise version. If you want to know more about the Kong Ingress Controller, <a href=\"https:\/\/docs.konghq.com\/kubernetes-ingress-controller\/latest\/\" target=\"_blank\" rel=\"noopener\">CLICK HERE<\/a>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Install Kong Ingress<\/strong><\/h4>\n\n\n\n<p>Now we will deploy the Kong controller using its Helm chart.<\/p>\n\n\n\n<pre class=\"wp-block-verse has-white-color has-dark-gray-background-color has-text-color has-background\">helm repo add kong https:\/\/charts.konghq.com\nhelm repo update\nhelm install kong\/kong --generate-name --set ingressController.installCRDs=false<\/pre>\n\n\n\n<p>Once we have deployed the Kong Ingress Controller, we need to verify that it is running.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/opstree.com\/blog\/\/wp-content\/uploads\/2022\/09\/3b37c-1mknd-wrmqj9hdwo06teqcw.png\" alt=\"\" \/><figcaption class=\"wp-element-caption\">Kong Controller<\/figcaption><\/figure>\n\n\n\n<p><strong>Install Cert-Manager<\/strong><\/p>\n\n\n\n<p>Cert-manager provides a Helm chart as a first-class installation method on Kubernetes. 
To install cert-manager in your Kubernetes cluster, run the following commands.<\/p>\n\n\n\n<pre class=\"wp-block-verse has-white-color has-dark-gray-background-color has-text-color has-background\">helm repo add jetstack https:\/\/charts.jetstack.io\nhelm repo update\nkubectl apply -f https:\/\/github.com\/cert-manager\/cert-manager\/releases\/download\/v1.9.1\/cert-manager.crds.yaml\nhelm install \\\ncert-manager jetstack\/cert-manager \\\n--namespace cert-manager \\\n--create-namespace \\\n--version v1.9.1 <\/pre>\n\n\n\n<p>To verify that your cert-manager pods are up &amp; running, run the command below; you will see output similar to that shown in figure 1.0.<\/p>\n\n\n\n<pre class=\"wp-block-verse has-white-color has-dark-gray-background-color has-text-color has-background\">kubectl get pod -n cert-manager<\/pre>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/opstree.com\/blog\/\/wp-content\/uploads\/2022\/09\/8cafe-1rjw1c001yx7zkhpw1vdwcq.png\" alt=\"\" \/><figcaption class=\"wp-element-caption\">figure 1.0<\/figcaption><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Issuer<\/strong><\/h4>\n\n\n\n<p>Issuers are Kubernetes resources that represent certificate authorities (CAs) able to generate signed certificates by honoring certificate signing requests. Every cert-manager certificate that we create requires a referenced issuer that is in a ready condition to attempt to honor the request.<br>There are 2 types of Issuer:<br><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"552\" height=\"324\" src=\"https:\/\/opstree.com\/blog\/\/wp-content\/uploads\/2022\/09\/image-13.png?w=552\" alt=\"\" class=\"wp-image-11949\" \/><figcaption class=\"wp-element-caption\">Issuers Types<\/figcaption><\/figure>\n\n\n\n<p><strong>Issuer<\/strong>: This Issuer works at the namespace level for creating and renewing certificates. 
We need to create a separate Issuer for each namespace.<br><strong>ClusterIssuer<\/strong>: A ClusterIssuer works at the cluster level. This means we don\u2019t need to create an Issuer for each namespace.<\/p>\n\n\n\n<p>Now let\u2019s create the issuer that we will use to obtain the certificate.<\/p>\n\n\n\n<p>Begin by creating a manifest file named \u201cClusterIssuer.yaml\u201d and add the following text to it. In the server field of the YAML manifest, you will find the staging URL of the Let\u2019s Encrypt server, which will generate the certificate for the staging environment. Once we have tested our ClusterIssuer, i.e. confirmed that Let\u2019s Encrypt successfully generates the certificate, we can move to production as well.<\/p>\n\n\n\n<pre class=\"wp-block-verse has-white-color has-dark-gray-background-color has-text-color has-background\">apiVersion: cert-manager.io\/v1\nkind: ClusterIssuer\nmetadata:\n  name: letsencrypt-staging\nspec:\n  acme:\n    server: https:\/\/acme-staging-v02.api.letsencrypt.org\/directory\n    email: abc@gmail.com\n    privateKeySecretRef:\n      name: letsencrypt-staging-key\n    solvers:\n    - http01:\n        ingress:\n          class: kong<\/pre>\n\n\n\n<p>To verify that our ClusterIssuer was created successfully, run the following command; you will see output as shown in Figure 1.1.<\/p>\n\n\n\n<pre class=\"wp-block-verse has-white-color has-dark-gray-background-color has-text-color has-background\">kubectl get ClusterIssuer<\/pre>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/opstree.com\/blog\/\/wp-content\/uploads\/2022\/09\/afc65-1utadwivinq447syv9tgcww.png\" alt=\"\" \/><figcaption class=\"wp-element-caption\">Figure 1.1<\/figcaption><\/figure>\n\n\n\n<p>So far, we have deployed the Kong controller, cert-manager &amp; the ClusterIssuer. Now it\u2019s time to create a certificate from the ClusterIssuer that we created. 
But before creating a certificate, we need to understand challenges.<\/p>\n\n\n\n<p>To verify that you own the domain for which you are requesting a certificate, the ACME (Automated Certificate Management Environment) CA server performs challenge validation. cert-manager offers two challenge validations: HTTP01 and DNS01 challenges.<\/p>\n\n\n\n<p>Now we will create a YAML manifest (certificate.yaml) for the certificate.<\/p>\n\n\n\n<pre class=\"wp-block-verse has-white-color has-dark-gray-background-color has-text-color has-background\">apiVersion: cert-manager.io\/v1\nkind: Certificate\nmetadata:\n  name: staging\n  namespace: default\nspec:\n  issuerRef:\n    name: letsencrypt-staging\n    kind: ClusterIssuer\n  secretName: cert-testing\n  dnsNames:\n  - xyz.besttechclub.site<\/pre>\n\n\n\n<p>Now you can verify whether your certificate has been created.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/opstree.com\/blog\/\/wp-content\/uploads\/2022\/09\/1f7bc-17199spghssc0t-b5wlfdfa.png\" alt=\"\" \/><figcaption class=\"wp-element-caption\">certificate image<\/figcaption><\/figure>\n\n\n\n<p>Now you can create a deployment (deployment.yaml) and expose the Service using the Ingress object.<\/p>\n\n\n\n<pre class=\"wp-block-verse has-white-color has-dark-gray-background-color has-text-color has-background\">apiVersion: v1\nkind: Service\nmetadata:\n  name: nginx-svc\n  namespace: default\nspec:\n  selector:\n    app: nginx\n  ports:\n   - protocol: \"TCP\"\n     port: 80\n     targetPort: 80\n  type: ClusterIP\n---\napiVersion: apps\/v1\nkind: Deployment\nmetadata:\n  name: nginx-deployment\n  namespace: default\nspec:\n  selector:\n    matchLabels:\n      app: nginx\n  replicas: 1\n  template:\n    metadata:\n      labels:\n        app: nginx\n    spec:\n      containers:\n        - name: airport-cab\n          image: nginx:latest\n          imagePullPolicy: Always\n          ports:\n          - containerPort: 80\n---\napiVersion: \"networking.k8s.io\/v1\"\nkind: \"Ingress\"\nmetadata:\n  name: \"nginx-ssl\"\n  namespace: \"default\"\n  annotations:\n    konghq.com\/plugins: \"global-datadog\"\n    konghq.com\/strip-path: \"true\"\n    # cert-manager v0.11 and later read the cert-manager.io prefix; certmanager.k8s.io is the older name\n    cert-manager.io\/cluster-issuer: letsencrypt-staging\nspec:\n  tls:\n  - hosts:\n    - \"xyz.besttechclub.site\"\n    secretName: cert-testing\n  ingressClassName: \"kong\"\n  rules:\n  - host: \"xyz.besttechclub.site\"\n    http:\n      paths:\n      - path: \"\/\"\n        pathType: \"Prefix\"\n        backend:\n          service:\n            name: \"nginx-svc\"\n            port:\n              number: 80<\/pre>\n\n\n\n<pre class=\"wp-block-verse has-white-color has-dark-gray-background-color has-text-color has-background\">kubectl apply -f deployment.yaml<\/pre>\n\n\n\n<p>Once the deployment is done, you can verify it.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/opstree.com\/blog\/\/wp-content\/uploads\/2022\/09\/ad606-17le5ezgkv5bzwlstk7ycfa.png\" alt=\"\" \/><figcaption class=\"wp-element-caption\">deployment status<\/figcaption><\/figure>\n\n\n\n<p>Now you can hit your domain URL on a web browser and will see 
that Let&#8217;s Encrypt has assigned the certificate for it.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/opstree.com\/blog\/\/wp-content\/uploads\/2022\/09\/3a493-1bro4tmxwu6by5lzyspvmug.png\" alt=\"\" \/><\/figure>\n\n\n\n<p>Once we are done testing in the staging environment, we can switch the ClusterIssuer to the production URL so that the &#8220;not secure&#8221; symbol disappears for the user. To do so, we need to change the server URL of the ClusterIssuer to&nbsp;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-white-color has-dark-gray-background-color has-text-color has-background\">server: <a rel=\"noreferrer noopener\" href=\"https:\/\/acme-v02.api.letsencrypt.org\/directory\" target=\"_blank\">https:\/\/acme-v02.api.letsencrypt.org\/directory<\/a><\/pre>\n\n\n\n<h2 class=\"has-text-align-justify wp-block-heading\"><strong>Conclusion<\/strong><\/h2>\n\n\n\n<p class=\"has-text-align-justify\">Using cert-manager, kong-ingress &amp; Let\u2019s Encrypt, we can automate the process of creating and renewing the certificate in the Kubernetes cluster, and we can also manage the end-to-end encrypted connection between the client &amp; the Kubernetes cluster.<\/p>\n\n\n\n<h4 class=\"has-text-align-justify wp-block-heading\">References<\/h4>\n\n\n\n<ul>\n<li>https:\/\/cert-manager.io\/docs\/<\/li>\n\n\n\n<li>https:\/\/letsencrypt.org\/getting-started\/<\/li>\n<\/ul>\n\n\n\n<p><strong>Blog Pundits:<\/strong> <a href=\"https:\/\/opstree.com\/blog\/\/author\/bhupendersinghb5dca0b393\/\"><strong>Bhupender Rawat<\/strong><\/a> <strong>and<\/strong> <strong><a rel=\"noreferrer noopener\" href=\"https:\/\/opstree.com\/blog\/\/author\/sandeep7c51ad81ba\/\" target=\"_blank\">Sandeep Rawat<\/a><\/strong><\/p>\n\n\n\n<p><strong><a href=\"https:\/\/www.opstree.com\/contact-us?utm_source=Wordpress&amp;utm_medium=Blog&amp;utm_campaign=Securing_Kubernetes_Traffic_with_Cert-Manager_%26_Lets_Encrypt%C2%A0\" target=\"_blank\" rel=\"noreferrer 
noopener\">Opstree<\/a><\/strong>\u00a0is an End to End DevOps solution provider.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>why do we need to use cert-manager? Cert-Manager simplifies the process of creating &amp; renewing certificates. It makes sure your certificate is valid and up to date by renewing the certificate automatically for you in your kubernetes cluster. So that your domain certificate never expires. What is Cert-Manager? Cert-Manager is a Kubernetes native certificate management &hellip; <a href=\"https:\/\/opstree.com\/blog\/2022\/09\/27\/securing-k8s-traffic-with-cert-manager-amp-lets-encrypt\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Securing Kubernetes Traffic with Cert-Manager &amp; Lets\u00a0Encrypt\u00a0&#8220;<\/span><\/a><\/p>\n","protected":false},"author":225805170,"featured_media":29900,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[28070474],"tags":[89568553,768739308,304549859,4996032],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/opstree.com\/blog\/wp-content\/uploads\/2025\/11\/DevSecOps-1.jpg","jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pfDBOm-36g","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts\/11920"}],"collection":[{"
href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/users\/225805170"}],"replies":[{"embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/comments?post=11920"}],"version-history":[{"count":25,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts\/11920\/revisions"}],"predecessor-version":[{"id":29635,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts\/11920\/revisions\/29635"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/media\/29900"}],"wp:attachment":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/media?parent=11920"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/categories?post=11920"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/tags?post=11920"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}