K
Q

What's the easiest way to create an HTTPS endpoint on Kubernetes?

9/24/2019

I've created a simple Python API using responder and deployed it to Google Cloud with Kubernetes. I don't have a domain name just a raw IP address.

http://192.0.2.42/api/myapi

And deployed as:

kubectl get service
NAME         TYPE           CLUSTER-IP    EXTERNAL-IP    PORT(S)        AGE
kubernetes   ClusterIP      192.0.2.1     <none>         443/TCP        5d15h
web          LoadBalancer   192.0.2.100   192.0.2.42        80:32749/TCP   5d15h

and

kubectl get pods
NAME                   READY   STATUS    RESTARTS   AGE
my-pod-name   1/1     Running   0          16h

I'd like to make it an HTTPS endpoint so I can use it as:

https://192.0.2.42/api/myapi

But I am struggling to find the easiest way to do it.

Should this be something that is done via Kubernetes, or something that is done in the Python code? It doesn't look like responder provides an easy mechanism for this.

-- nickponline
kubernetes
lets-encrypt
python
ssl

Similar Questions

Kubernetes: print namespace in helm status output
pyspark spark-submit with python dependency from s3
How do I configure kubernetes with oidc and azure apps to allow authentication only with a specified Security Group
Ability to run gcloud commands from a container in GKE or CloudRun
How to access kubernetes application through ingress only

1 Answer

9/24/2019

If you're looking for the bare minimum level of effort to do this, you'll need to install an SSL certificate inside your docker container. You can also continue to use externalIP as you are now.

Then in responder you can enable HSTS to redirect http to https.

api = responder.API(enable_hsts=True)

Then just access your pod with

https://192.0.2.42/api/myapi

-- Shogan
Source: StackOverflow