Secure WordPress On AKS With Letsencrypt

In this blog post, we are going to learn how to secure a WordPress deployment on Azure Kubernetes Service (AKS) using an SSL certificate and Letsencrypt.

In the previous blog post about WordPress, we learned how to run WordPress on AKS without SSL. The process to get SSL working involves deploying a reverse proxy service in the form of an Nginx and Letsencrypt.

Create a Namespace and configure Cert Manager

The first step will start with creating a new namespace (ingress-ns) in our AKS cluster using the following command.

kubectl create namespace ingress-ns

Next we will add the Nginx helm repo.

helm repo add ingress-nginx

Let’s install the Nginx controller.

helm install nginx-ingress ingress-nginx/ingress-nginx --namespace ingress-basic --set controller.replicaCount=2 --set controller.nodeSelector."beta\.kubernetes\.io/os"=linux --set defaultBackend.nodeSelector."beta\.kubernetes\.io/os"=linux

After deploying the controller, we need to get the external IP address that we will use to point our blog to using the following command.

Note: Take a note of the external IP addresss

kubectl --namespace ingress-ns get services -o wide -w nginx-ingress-ingress-nginx-controller

Run the command below to configure Cert Manager which is our letsencrypt deployment.

kubectl label namespace ingress-basic

We also need to install jetstack

helm repo add jetstack

Update helm using

helm repo update

And now we can install cert manager Helm chart.

helm install cert-manager --namespace ingress-basic --version v0.16.1 --set installCRDs=true --set nodeSelector."beta\.kubernetes\.io/os"=linux jetstack/cert-manager

Create a Cluster Issuer

Now we need to create a cluster issuer deployment which will handle all the certificate requests. Copy the YAML file below and run the deployment command.

IMPORTANT: You must enter a valid email address in the email filed in the file below.

kind: ClusterIssuer
  name: letsencrypt
      name: letsencrypt
    - http01:
          class: nginx
                "": linux

Save the file as YAML and run as shown below.

kubectl apply -f cluster-issuer.yaml

Deploy WordPress with SSL

The final part is to deploy WordPress with Helm and configure the SSL settings in the YAML file shown below.

    type: ClusterIP
    enabled: true
    certManager: true
    tls: true
    annotations: nginx "true" "letsencrypt"

To complete the deployment I will run the helm command as shown below:

helm install deploycontainers bitnami/wordpress --values=wp.yaml --namespace ingress-ns

If you go and visit https:/// you will see the SSL certificate and the blog that is running on WordPress.