Skip to content

Latest commit

 

History

History
50 lines (29 loc) · 1.39 KB

README.md

File metadata and controls

50 lines (29 loc) · 1.39 KB

meetup2018

E2E Encryption using Traefik, and Boulder

Generate root and intermediate certs:

./bootstrap.sh
  • Note: Passphrase is set to meetup2018 for keys

Based on configs and process from:

https://jamielinux.com/docs/openssl-certificate-authority/index.html

This creates the required boulder certs, and bakes them into the docker image:

Boulder image: dtomcej/boulder:meetup2018

https://github.com/dtomcej/boulder

This boulder image has the latest files baked in, and has a custom servers configuration to allow it to run in kubernetes.

Although, this image is ~1.35G, whereas the base image is 550M. You probably want to just clone my repo and docker build . yourself ;)

Boulder folder has 3 parts:

  • Mysql/Maria
  • HSM - Keystore
  • Boulder itself

We use an init container to wait for requirements to be read before starting pod. This coupled with good readiness probes allows evaluation order independance.

(Ensure traefik.rocks and traefik2.rocks resolves to localhost either by your /etc/hosts file, or DNS A records in your resolver).

We will also require the intermediate cert in certs/browser to be added and trusted by your client/browser.

Add: /certs/browser/intermediate.crt

to trust store (SSL and x.509 Basic)

Browse to: https://traefik.rocks:30443/

and

http://localhost:30880/dashboard/

Scaling app:

kubectl scale deployment whoami -n whoami --replicas=10