Free, Automatic HTTPS for Every Application, Including Custom Domains

Dan Pastusek
Aug 5, 2019

Starting today, all KubeSail users get free & automatic HTTPS whenever they expose an application to the internet. We believe security should be built into everything we offer, including our free tier. We've updated our system to give you access to more vanilla Kubernetes objects: this means you now get full access to IngressAn Ingress object manages external access to the services in a cluster, typically HTTPRead More... and CertificateCertificates are a request for an X.509 Certificate to be issued from cert-managerRead More... objects.

What?

An IngressAn Ingress object manages external access to the services in a cluster, typically HTTPRead More... is a Kubernetes object which tells the cluster how to send external traffic to a particular ServiceA Service describes how to access your applications over the network - either within your namespace or from the Internet. Services point DNS addresses at Pods, and are usually pointed to in turn by an Ingress.Read More....

An IngressAn Ingress object manages external access to the services in a cluster, typically HTTPRead More... can serve either TCP or HTTP traffic - for HTTP services it typically includes three pieces of information:

  • The Hostname which identifies this traffic
  • The ServiceA Service describes how to access your applications over the network - either within your namespace or from the Internet. Services point DNS addresses at Pods, and are usually pointed to in turn by an Ingress.Read More... name and port which traffic will be sent to
  • For HTTPS, a CertificateCertificates are a request for an X.509 Certificate to be issued from cert-managerRead More... for encryption

We enable the vanilla Kubernetes API, so most guides for creating an IngressAn Ingress object manages external access to the services in a cluster, typically HTTPRead More... should work. Our UI also helps you create an IngressAn Ingress object manages external access to the services in a cluster, typically HTTPRead More... - click on the "Ports" section of any deployment and choose "Expose to Internet"!

How?

Certificates use the cert-manager project to automatically issue completely free certificates from Let's Encrypt. Because we use the NGINX Ingress Controller, creating an IngressAn Ingress object manages external access to the services in a cluster, typically HTTPRead More... object in your namespace also automatically creates a CertificateCertificates are a request for an X.509 Certificate to be issued from cert-managerRead More... object and associated SecretA secret is a file, set of keys and values, or blob of data which can be provided to particular podsRead More... if they don't exist already.

Here is a basic IngressAn Ingress object manages external access to the services in a cluster, typically HTTPRead More... object which creates a web-accessible site using your free *.kubesail.io domain:

Apply
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: basic-ingress
spec:
rules:
- http:
paths:
- backend:
serviceName: my-test-service
servicePort: 8080
הההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההה
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

You can now check your CertificatesCertificates are a request for an X.509 Certificate to be issued from cert-managerRead More... with kubectl get certificates! This cert will automatically be used and HTTPS should "just work"!

Usage with custom domains

For custom domains, you'll need to define which hosts the certificate is valid for:

Apply
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: domain-ingress
spec:
rules:
- host: test.mywebsite.com
http:
paths:
- backend:
serviceName: my-test-service
servicePort: 8080
tls:
- hosts:
- test.mywebsite.com
secretName: testsecret-tls
הההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההה
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Easy! We're commited to empowering the vanilla Kuberetes API - so all of the documentation available in the official docs should work out of the box! Feel free to reach out to us on Twitter or Gitter if you have any questions!

What's next?

Stay tuned for more tools that make deploying your code even easier, like:

  • Deploy from GitHub (coming soon!)
  • Remote Docker image builder
  • Firewall editor
  • Metrics (and pretty graphs!)

Stay in the loop!

Give us a shout on twitter or gitter, checkout some of our GitHub repos and be sure to join our mailing list!