Skip to main content
This walkthrough demonstrates how to deploy a simple application and expose it securely to the internet using Kubernetes Ingress. It brings together the components such as, Ingress routing, ExternalDNS for DNS management, and cert-manager for automated TLS certificates, to deliver a working HTTPS-enabled application from start to finish.
1

Deploy the Application

kubectl create namespace hello
kubectl run hello-world \
  --image=k8s.gcr.io/echoserver:1.10 \
  --port=8080 \
  -n hello
2

Expose the Application with a Service

kubectl expose pod hello-world \
  --type=ClusterIP \
  --port=80 \
  --target-port=8080 \
  -n hello
3

Create an Ingress Resource with HTTPS

cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hello-ingress
  namespace: hello
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - app.example.com
    secretName: hello-tls
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: hello-world
            port:
              number: 80
EOF
4

Test the Application

  • ExternalDNS automatically manages DNS records when the ingress controller Service is annotated, though synchronization may take a few minutes.
  • Verify that your domain points to the ingress controller’s public IP address(es).
  • Open https://app.example.com/ in a browser to confirm the application is reachable and displaying “Hello World”.
For additional examples, troubleshooting guidance, or clarification on any topics covered in this guide, refer to the resources below: