Skip to content
Kubernetes Environment
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Kubernetes Environment

The Kubernetes environment is a setup of a reverse proxy, that automatically detects new ingress routes, creates a Let's Encrypt certificate for them and points the domain name to the right IP. There is no more need to manually manage DNS records or certificates. Publishing new services is easy and very fast. The proxy automatically handles all the routing of the request to the right services.

In more detail, the following components are involved:

  • Load balancer: Is created in front of the Kubernetes cluster and passes the requests to the Traefik instances.
  • Traefik: Is a reverse proxy and handles the routing of the requests coming from the load balancer to the appropriate services.
  • external-dns: Points the DNS records of the services to the load balancer.
  • cert-manager: Creates certificates for the services that Traefik is using/serving when proxing the requests.

Currently the following cloud providers are supported (for Kubernetes and DNS services):

Table of content


Locally you have to have the following tools installed:

Make sure that kubectl is able to connect to the cluster and that the current context is configured to the appropriate cluster:

kubectl config current-context


Rename the file config.example.yml to config.yml and adjust the variables for your needs.

The passwords for the users, who can access the dashboard, must be hashed using the following command:

htpasswd -n username

Install the Proxy

To install the proxy, run the command:

python3 proxy install --file config.yml

Install an Application

The file application.yml contains an example configuration of an application. You can only modify the host names in the example to one of your domain names and then run the application by executing:

kubectl apply -f application.yml

The example shows, that it is easy to set up a new service. The important values that should be adjusted at a ingress definition are as already mentioned the domain names and the following values:

  • This value defines which issuer should be used to generate the certificate. Currently supported are letsencrypt-production to create valid certificates and letsencrypt-staging to only create certificates with the staging environment of Let's Encrypt.

  • secretName: The secret name indicates the secret where the certificate should be stored.


If you are intrested in contributing, feel free to open a pull request. Just make sure that all tests are passing:

python3 -m unittest discover proxy


About Bits is a company based in South Tyrol, Italy. You can find more information about us on our website.


For support, please contact



The MIT License (MIT). Please see the license file for more information.

You can’t perform that action at this time.