Without SSL certificate

Copy the following into a file:

app1-without-ssl.yml

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    run: app1
  name: app1
spec:
  replicas: 1
  selector:
    matchLabels:
      run: app1
  template:
    metadata:
      labels:
        run: app1
    spec:
      containers:
      - name: app1
        image: nginx
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  labels:
    run: app1
  name: app1
spec:
  selector:
    run: app1
  ports:
  - name: port-1
    port: 80
    protocol: TCP
    targetPort: 80
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-app1
  namespace: default
spec:
  rules:
  - host: foo.bar
    http:
      paths:
      - path: /
        backend:
          serviceName: app1
          servicePort: 80

and deploy it with:

kubectl apply -f app1-without-ssl.yml

We use foo.bar here as domain so you don't have to create a DNS entry for this how-to. If you want to use a real domain, change it to your needs and create a DNS entry for it by ponting the domain to your load balancer IP.

Check with 

kubectl get pods

if the pod is running and test it with: 

curl -H "Host:foo.bar" http://YOUR-PUPLIC-IP

With SSL certificate

Before your deploy the following example, you need to point a real domain to your public IP via DNS so Lets Encrypt can verify it.

Copy the following into a file but change YOUR-DOMAIN.example.com to the domain you created a DNS entry for.

app2-with-ssl.yml

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    run: app2
  name: app2
spec:
  replicas: 1
  selector:
    matchLabels:
      run: app2
  template:
    metadata:
      labels:
        run: app2
    spec:
      containers:
      - name: app2
        image: nginx
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  labels:
    run: app2
  name: app2
spec:
  selector:
    run: app2
  ports:
  - name: port-1
    port: 80
    protocol: TCP
    targetPort: 80
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-app2
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "haproxy"
    certmanager.k8s.io/cluster-issuer: "letsencrypt-production"
    kubernetes.io/tls-acme: "true"
    ingress.kubernetes.io/ssl-redirect: "true"
spec:
  tls:
  - hosts:
    - YOUR-DOMAIN.example.com
    secretName: YOUR-DOMAIN.example.com
  rules:
  - host: YOUR-DOMAIN.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: app2
          servicePort: 80

Deploy it:

kubectl apply -f app2-with-ssl.yml

Check if the pod is running: 

kubectl get pods

and visit https://YOUR-DOMAIN.example.com. 

This example is based on the haproxy-ingress which takes options like 

    ingress.kubernetes.io/ssl-redirect: "true"

from annotations in the ingress object. Check the official docs for more features.

There are other solutions for ingress like nginx-ingress or istio. It is possible for you to change the default ingress we install but you should be aware that these solutions need other configuration parameters and the provided examples how to deploy apps will not work.  

Did this answer your question?