Erlang cluster on Kubernetes: Introduction

A few weeks ago, I decided to write a blog post about using mutual TLS to secure Erlang distribution (clustering), with auto-provisioning of certificates when running in Kubernetes. It took a little longer to write up than I expected, and turned into a series of blog posts.

• Introduction (this post; 21 Dec 2022 19:40)
• Initial Deployment (21 Dec 2022 19:45)
• HTTP Service (21 Dec 2022 19:47)
• Speeding up the container build (21 Dec 2022 19:49)
• Erlang Cookie (21 Dec 2022 19:51)
• Erlang Clustering (21 Dec 2022 19:52)
• TLS distribution (22 Dec 2022 09:52)
• Simple init container (22 Dec 2022 09:56)
• Creating CSRs with OpenSSL (22 Dec 2022 09:58)
• Submitting CSRs to cert-manager (22 Dec 2022 10:01)
• Using the generated certificates (22 Dec 2022 10:04)
• SSH daemon (22 Dec 2022 14:35)
• SSH public key authentication (22 Dec 2022 15:25)
• Is it mutual? (22 Dec 2022 16:45)
• Readiness Probe (22 Dec 2022 17:50)
• Non-root user (22 Dec 2022 18:08)
• pid zero (22 Dec 2022 18:13)
• Namespace-scoped issuer (23 Dec 2022 17:06)
• Polling CertificateRequest (23 Dec 2022 17:19)
• CertificateRequest cleanup (23 Dec 2022 17:36)
• Conclusion (23 Dec 2022 18:09)

You can follow along by cloning the rlipscombe/erlang-cluster project from Github. The posts in this series and the merge commits in that project are broadly lined up.

I also spent about 8 hours rewriting the commit history of the project so that it forms a coherent story. Please feel free to read it as one.

Related posts

• Erlang clustering recap
• Erlang TLS Distribution
• Options for automatically creating certificates for mutual pod authentication
• Installing cert-manager
• Erlang application versioning

Follow-up posts

• Erlang cluster on Kubernetes: Fatal - Certificate Expired
• Erlang cluster on Kubernetes: Rotating CA certificates