Erlang cluster on Kubernetes: Introduction
A few weeks ago, I decided to write a blog post about using mutual TLS to secure Erlang distribution (clustering), with auto-provisioning of certificates when running in Kubernetes. It took a little longer to write up than I expected, and turned into a series of blog posts.
- Introduction (this post; )
- Initial Deployment ()
- HTTP Service ()
- Speeding up the container build ()
- Erlang Cookie ()
- Erlang Clustering ()
- TLS distribution ()
- Simple init container ()
- Creating CSRs with OpenSSL ()
- Submitting CSRs to cert-manager ()
- Using the generated certificates ()
- SSH daemon ()
- SSH public key authentication ()
- Is it mutual? ()
- Readiness Probe ()
- Non-root user ()
- pid zero ()
- Namespace-scoped issuer ()
- Polling CertificateRequest ()
- CertificateRequest cleanup ()
- Conclusion ()
You can follow along by cloning the rlipscombe/erlang-cluster project from Github. The posts in this series and the merge commits in that project are broadly lined up.
I also spent about 8 hours rewriting the commit history of the project so that it forms a coherent story. Please feel free to read it as one.
Related posts
- Erlang clustering recap
- Erlang TLS Distribution
- Options for automatically creating certificates for mutual pod authentication
- Installing cert-manager
- Erlang application versioning