Getting started

Let’s do it

In this step-by-step guide we are going to deploy a web application exposing it to the whole world.

Kubernetes client configuration

Assuming you have already downloaded your namespace configuration file (let’s name it kubernetes.config) and you have the kubernetes client (kubectl) installed:

$ cd /tmp
$ ls kubernetes.config
# Lets configure the kubernetes client with the kubernetes.config config file
$ export KUBECONFIG=$(pwd)/kubernetes.config
$ kubectl get issuer
NAME                            AGE
angelbarrerasanchez-gmail-com   2m

With the creation of a namespace you already have available your issuer (user) to request for HTTPS TLS certificates, so easy.

Prepare the deployment

We’re going to deploy the hello-world example open to the whole world. Contains three different kubernetes objects: Deployment, Service and Ingress.

You can find more examples in our examples Gitlab group.

$ pwd
# Clone the hello-world example
$ git clone
Cloning into 'hello-world'...
remote: Enumerating objects: 8, done.
remote: Counting objects: 100% (8/8), done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 8 (delta 1), reused 0 (delta 0)
Unpacking objects: 100% (8/8), done.
$ cd hello-world/
$ ls *.yml
deployment.yml  ingress.yml  service.yml

To make this example work, we must modify two attributes of the ingress definition:

Find example-issuer and replace the value (example-issuer) with your issuer name:

$ kubectl get issuer
NAME                            AGE
angelbarrerasanchez-gmail-com   37m

Result: angelbarrerasanchez-gmail-com.

Find (there are two) and replace with a subdomain within the subdomain assigned as whitelist.

Result: Assuming your assigned subdomain whitelist is: *

Your ingress should looks like:

apiVersion: extensions/v1beta1
kind: Ingress
  name: hello-world
  annotations: "true" angelbarrerasanchez-gmail-com
  - hosts:
    secretName: hello-world-certificate
  - host:
      - path: /
          serviceName: hello-world
          servicePort: 80


$ pwd
$ kubectl apply -R -f .
deployment.apps/hello-world created
ingress.extensions/hello-world created
service/hello-world created

After a few moments, output should looks like this:

$ kubectl get deploy,pod,svc,ingress
NAME                                DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
deployment.extensions/hello-world   2         2         2            2           4m27s

NAME                              READY   STATUS    RESTARTS   AGE
pod/hello-world-dbcb5cc9f-2m4lx   1/1     Running   0          4m27s
pod/hello-world-dbcb5cc9f-cqn56   1/1     Running   0          4m26s

NAME                  TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
service/hello-world   ClusterIP   <none>        80/TCP    4m27s

NAME                             HOSTS                                                   ADDRESS         PORTS     AGE
ingress.extensions/hello-world   80, 443   4m27s

This example is available here: