Secure WordPress On AKS With Letsencrypt

In this blog post, we are going to learn how to secure a WordPress deployment on Azure Kubernetes Service (AKS) using an SSL certificate and Letsencrypt.

In the previous blog post about WordPress, we learned how to run WordPress on AKS without SSL. The process to get SSL working involves deploying a reverse proxy service in the form of an Nginx and Letsencrypt.

Create a Namespace and configure Cert Manager

The first step will start with creating a new namespace (ingress-ns) in our AKS cluster using the following command.

kubectl create namespace ingress-ns

Next we will add the Nginx helm repo.

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx

Let’s install the Nginx controller.

helm install nginx-ingress ingress-nginx/ingress-nginx --namespace ingress-basic --set controller.replicaCount=2 --set controller.nodeSelector."beta\.kubernetes\.io/os"=linux --set defaultBackend.nodeSelector."beta\.kubernetes\.io/os"=linux

After deploying the controller, we need to get the external IP address that we will use to point our blog to using the following command.

Note: Take a note of the external IP addresss

kubectl --namespace ingress-ns get services -o wide -w nginx-ingress-ingress-nginx-controller

Run the command below to configure Cert Manager which is our letsencrypt deployment.

kubectl label namespace ingress-basic cert-manager.io/disable-validation=true

We also need to install jetstack

helm repo add jetstack https://charts.jetstack.io

Update helm using

helm repo update

And now we can install cert manager Helm chart.

helm install cert-manager --namespace ingress-basic --version v0.16.1 --set installCRDs=true --set nodeSelector."beta\.kubernetes\.io/os"=linux jetstack/cert-manager

Create a Cluster Issuer

Now we need to create a cluster issuer deployment which will handle all the certificate requests. Copy the YAML file below and run the deployment command.

IMPORTANT: You must enter a valid email address in the email filed in the file below.


apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: EMAILADDRESS
    privateKeySecretRef:
      name: letsencrypt
    solvers:
    - http01:
        ingress:
          class: nginx
          podTemplate:
            spec:
              nodeSelector:
                "kubernetes.io/os": linux

Save the file as YAML and run as shown below.

kubectl apply -f cluster-issuer.yaml

Deploy WordPress with SSL

The final part is to deploy WordPress with Helm and configure the SSL settings in the YAML file shown below.

service:
    type: ClusterIP
ingress:
    enabled: true
    certManager: true
    hostname: www.deploycontainers.com
    tls: true
    annotations: 
        kubernetes.io/ingress.class: nginx
        kubernetes.io/tls-acme: "true"
        cert-manager.io/cluster-issuer: "letsencrypt"

To complete the deployment I will run the helm command as shown below:

helm install deploycontainers bitnami/wordpress --values=wp.yaml --namespace ingress-ns

If you go and visit https:///www.deploycontainers.com you will see the SSL certificate and the blog that is running on WordPress.


Posted

in

, , ,

by