Free, Automatic HTTPS for Every Application, Including Custom Domains

Dan Pastusek
Aug 5, 2019

Starting today, all KubeSail users get free & automatic HTTPS whenever they expose an application to the internet. We believe security should be built into everything we offer, including our free tier. We've updated our system to give you access to more vanilla Kubernetes objects: this means you now get full access to Ingress and Certificate objects.

What?

An Ingress is a Kubernetes object which tells the cluster how to send external traffic to a particular Service.

An Ingress can serve either TCP or HTTP traffic - for HTTP services it typically includes three pieces of information:

  • The Hostname which identifies this traffic
  • The Service name and port which traffic will be sent to
  • For HTTPS, a Certificate for encryption

We enable the vanilla Kubernetes API, so most guides for creating an Ingress should work. Our UI also helps you create an Ingress - click on the "Ports" section of any deployment and choose "Expose to Internet"!

How?

Certificates use the cert-manager project to automatically issue completely free certificates from Let's Encrypt. Because we use the NGINX Ingress Controller, creating an Ingress object in your namespace also automatically creates a Certificate object and associated Secret if they don't exist already.

Here is a basic Ingress object which creates a web-accessible site using your free *.kubesail.io domain:

editApply YAML
Free KubeSail Cluster
or
Your Cluster
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: basic-ingress
spec:
  rules:
  - http:
      paths:
      - backend:
          serviceName: my-test-service
          servicePort: 8080

You can now check your Certificates with kubectl get certificates! This cert will automatically be used and HTTPS should "just work"!

Usage with custom domains

For custom domains, you'll need to define which hosts the certificate is valid for:

editApply YAML
Free KubeSail Cluster
or
Your Cluster
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: domain-ingress
spec:
  rules:
  - host: test.mywebsite.com
    http:
      paths:
      - backend:
          serviceName: my-test-service
          servicePort: 8080
  tls:
  - hosts:
    - test.mywebsite.com
    secretName: testsecret-tls

Easy! We're commited to empowering the vanilla Kuberetes API - so all of the documentation available in the official docs should work out of the box! Feel free to reach out to us on Twitter or Gitter if you have any questions!

What's next?

Stay tuned for more tools that make deploying your code even easier, like:

  • Deploy from GitHub (coming soon!)
  • Remote Docker image builder
  • Firewall editor
  • Metrics (and pretty graphs!)

Stay in the loop!

Give us a shout on twitter or gitter, check out some of our GitHub repos and be sure to join our mailing list!