Starting today, all KubeSail users get free & automatic HTTPS whenever they expose an application to the internet. We believe security should be built into everything we offer, including our free tier. We've updated our system to give you access to more vanilla Kubernetes objects: this means you now get full access to Ingress and Certificate objects.
An Ingress is a Kubernetes object which tells the cluster how to send external traffic to a particular Service.
An Ingress can serve either TCP or HTTP traffic - for HTTP services it typically includes three pieces of information:
- The Hostname which identifies this traffic
- The Service name and port which traffic will be sent to
- For HTTPS, a Certificate for encryption
We enable the vanilla Kubernetes API, so most guides for creating an Ingress should work. Our UI also helps you create an Ingress - click on the "Ports" section of any deployment and choose "Expose to Internet"!
Certificates use the cert-manager project to automatically issue completely free certificates from Let's Encrypt. Because we use the NGINX Ingress Controller, creating an Ingress object in your namespace also automatically creates a Certificate object and associated Secret if they don't exist already.
Here is a basic Ingress object which creates a web-accessible site using your free
apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: basic-ingress spec: rules: - http: paths: - backend: serviceName: my-test-service servicePort: 8080
You can now check your Certificates with
kubectl get certificates! This cert will automatically be used and HTTPS should "just work"!
Usage with custom domains
For custom domains, you'll need to define which
hosts the certificate is valid for:
apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: domain-ingress spec: rules: - host: test.mywebsite.com http: paths: - backend: serviceName: my-test-service servicePort: 8080 tls: - hosts: - test.mywebsite.com secretName: testsecret-tls
Easy! We're commited to empowering the vanilla Kuberetes API - so all of the documentation available in the official docs should work out of the box! Feel free to reach out to us on Twitter or Gitter if you have any questions!
Stay tuned for more tools that make deploying your code even easier, like:
- Deploy from GitHub (coming soon!)
- Remote Docker image builder
- Firewall editor
- Metrics (and pretty graphs!)