Tidy up - Unused Project and Nuget package reference using Visual Studio 2019

If you are a Developer/Architect using Visual Studio as IDE for your development activities, this blog post will be of your interest. During the Ignite 2021 conference, Microsoft released Visual Studio 2019 v16.9 and v16.10 Preview 1. As part of version 16.10 Preview 1, one of the cool features they introduced is to "Remove Unused References..." for any Projects and Nuget packages that are not in use. At the time of writing this blog post, we have Visual Studio Version 16.10.0 (official release) which includes this new feature.  As part of development, we generally get carried away and introduce new Nuget package references to your project and add new references to your Projects. By the end of development, you will not be 100% sure which are not being referenced and unused which means you will leave those unused project references in your application. Now you might be wondering what's the big deal in it since it doesn't harm. The advantage of removing unused project r

Automate Certificate Issue and Renewal process - k8s cluster

In this blog post, we will see if you have an existing or new Kubernetes cluster with Ingress resources how do we auto-renew the certificates. If it's not auto-renewed things need to be manually done e.g. every three months you have to renew certificates, delete the expired certificate and secret, update with new certificate secrets accordingly.  Manual is always tedious and not an ideal solution especially for your Test & Production environment. 

Pre-requisites

  1. Install and setup kubectl
  2. Install and setup Helm
  3. Kubernetes cluster already provisioned with Ingress resources.
Note: The scope of the blog post is to show how the certificate renewal process can be automated, the same logic can be moved to your Deployment pipelines.

Install Cert Manager

Installing Cert-Manager CRDs using the below command.

#For Kubernetes 1.15+
kubectl apply --validate=false \
-f https://github.com/jetstack/cert-manager/releases/download/v1.1.0/cert-manager.crds.yaml

We are installing the Cert Manager using helm. The below command adds Jetstack repo.

helm repo add jetstack https://charts.jetstack.io
helm repo update

Installing cert-manager. Let’s Encrypt has two environments staging and production. The staging environment issues certificates signed by ‘fake’ CAs.
 
helm install cert-manager \      
        jetstack/cert-manager \      
        --namespace cert-manager \      
        --set ingressShim.defaultIssuerName=letsencrypt-prod \      
        --set ingressShim.defaultIssuerKind=ClusterIssuer

Once you have installed can verify by checking cert-manager namespace for running pods

kubectl get pods -n cert-manager

Configure Cluster Issuer:

Create a file named letsEncrypt-ClusterIssuer.yaml with the below content. Update email id accordingly in the below content.

apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: <replace with your email address>
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
      - http01:
          ingress:
            class: nginx

Apply the changes using the below command. We have created an Issuer in the default namespace.

kubectl apply -f letsencrypt-ClusterIssuer.yaml

To verify account registered successfully run the below command

kubectl describe clusterissuer cluster-issuer 

With that now all set to go. When you create your Ingress add the following annotation, if it's existing Ingress modify it accordingly. Provide "TLS" secret name in the same ingress resource file.
 
certmanager.k8s.io/cluster-issuer: letsencrypt-prod 
kubernetes.io/tls-acme: "true"

Comments

Popular posts from this blog

Tidy up - Unused Project and Nuget package reference using Visual Studio 2019

Swagger UI for Azure Function v2 & v3 APIs

Authenticate Azure Functions - API Keys