The Problem

I need to expose a Kubernetes NodePort service externally over https.

The Setup

• I've deployed Kubernetes on bare-metal and have deployed Polyaxon on the cluster via Helm
• I need to access Polyaxon's dashboard via the browser, using a virtual machine that's external to the cluster
• The dashboard is exposed as a NodePort service, and I'm able to connect to it over http. I am not able to connect over https, which is a hard requirement in my case.
• Following an initial "buildout" period, both the cluster and the virtual machine will not have access to the broader internet. They will connect to one another and that's it.

Polyaxon supposedly supports SSL/TLS through its own configs, but there's very little documentation on this. I've made my best attempts to solve the issue that way and also bumped an issue on their github, but haven't had any luck so far.

So I'm now wondering if there might be a more general Kubernetes hack that could help me here.

The Solutions

I'm looking for the simplest solution, rather than the most elegant or scalable. There are also some things that might make my situation simpler than the average user who would want https, namely:

• It would be OK to support https on just one node, rather than every node
• I don't need (or really want) a domain name; connecting at https://<ip_address>:<port> is not just OK but preferred
• A self-signed certificate is also OK

So I'm hoping there's some way to manipulate the NodePort service directly such that https will work on the virtual machine. If that's not possible, other solutions I've considered are using an Ingress Controller or some sort of proxy, but those solutions are both a little half-baked in my mind. I'm a novice with both Kubernetes and networking ideas in general, so if you're going to propose something more complex please speak very slowly :)

Thanks a ton for your help!