Join us on July 18th for a webinar on CI/CD Pipeline Optimization with APIs & K8s. Register now

Back to blog

Enable TLS with Kubernetes Ingress in Less Than 2 Minutes

May 26, 2020 | 4 min read

Set up automatic HTTPS with the Edge Stack API Gateway

Supporting HTTPS on your website and public APIs is an essential requirement for cloud native applications. Search engines rank HTTPS-enabled sites higher than insecure sites, and enabling Transport Level Security TLS for consumer-facing APIs dramatically reduces the ability for bad actors to sniff traffic and perform man-in-the-middle attacks. However, configuring HTTPS and managing ingress TLS certificates when deploying applications into Kubernetes is not easy.

Setting Up Kubernetes TLS with Cert-Manager or Lets Encrypt

The standard approach is to use open source tools such as JetStack’s cert-manager and Let’s Encrypt to set up Kubernetes TLS. While this is the common approach, it is not always optimal for a number of reasons

First, you need access to your domain to configure Kubernetes TLS properly. In larger organizations, getting access to the domain isn’t trivial. Even in smaller organizations, it can be a challenging process to locate the right people, get access, and configure cert-manager. If you are simply looking to prototype a small application or service this can be a blocker to using TLS. This in turn can mean that any prototype being tested isn’t being deployed with a production-like security configuration.

Second, ongoing certificate management can be problematic. Using open source tools like cert-manager require multiple steps to install new certificates, and you also have to configure your Edge Stack API gateway each time a cert is installed.

And third, all of this assumes you have a domain you can use. Even if you have access to a corporate domain, a corporate domain may not be practical for just trying something out quickly.

Setting up K8s TLS with the Edge Stack API Gateway & Kubernetes Ingress

Edge Stack API Gateway is the easiest way to get Kubernetes Ingress TLS configured. Edge Stack includes everything you need: a certificate manager, a certificate, and most importantly, a temporary domain pre-configured to get you up and running. Once your app is ready to go into production, the certificate manager in Edge Stack makes it easy to keep your certificates current.

With the Edge Stack API Gateway, Kubernetes certificate management goes from this:

How To Get Kubernetes TLS The Easy Way

Using our new edgectl installer (think kubectl but for the edge), the Edge Stack API Gateway will get you up and running with an HTTPS for your Kubernetes application.

Super easy. Three steps.

1. Download edgectl.

2. Type edgectl install.

3. Your browser will automatically open

Boom! You have a hosted domain name that exposes your Kubernetes services to the outside world via TLS.

How does this all work? Kubernetes TLS termination requires a fully-qualified domain name (FQDN) that can be seen from any client. Since setting one of these up can be difficult for a variety of reasons, Edge Stack takes care of this for you. By downloading and installing edgectl, Edge Stack will create an HTTPS-enabled domain for you at, <random-word>, provisioning the FQDN, DNS record, and valid certificate.

With one command and in less than 2 minutes you now have a comprehensive Kubernetes-native edge solution deployed with TLS in place in your application.

Here is a quick video explaining how it works:

Set up Automatic TLS on a Unique Domain with Edge Stack API Gateway

Get Started

There is an Easter Egg in the startup sequence. If you find it, follow the directions and we will send you something fun. We want more people to know that getting started with Kubernetes doesn’t need to be hard. Providing a way to configure TLS with Kubernetes Ingress and easily get HTTPS-secured traffic routed into your Kubernetes cluster solves a large chunk of the getting started problems. Get started with the Edge Stack API Gateway.