You want to have your Kubernetes cluster reachable from outside, but you don't want to pay for an expensive load balancer. What do you do?
Ideally, there would be a good, easy answer to this. Unfortunately, it turns out this is somewhat complicated. Kubernetes is designed for lots of flexibility, but that means there are lots of knobs to get right. And as a microservice orchestrator, a lot of what it looks to do is either internal or abstracted.
So, I've been pulling my hair out on this one for some time, and when I got something going that basically works, I was very happy. It feels like it should work, but I'm a bit concerned that I'm abusing or hacking things a bit.
I'll explain what I think I've done, and solicit feedback on things. I created a service that listens on port 80, and uses a selector to send traffic to my pod. I'm using the node address, which happens to be where inbound traffic is sent by default.
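For readers who want to see the shape of such a setup, here is an added example, not the manifest from this post. It assumes the node address is attached through the Service's `externalIPs` field, which the post does not confirm, and every name, label, image and address in it is a placeholder.

```yaml
# Added example; names, labels, image and address are placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web                     # hypothetical name
spec:
  replicas: 1
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web                # the label the Service selector matches
    spec:
      containers:
        - name: web
          image: nginx:stable   # placeholder image
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  selector:
    app: web                    # sends traffic to pods carrying this label
  ports:
    - name: http
      protocol: TCP
      port: 80                  # port the Service listens on
      targetPort: 80            # container port inside the pod
  externalIPs:
    - 192.0.2.10                # placeholder for the node's address (assumption)
  # Kubernetes does not manage externalIPs: the cluster administrator has to
  # make sure traffic for this address actually arrives at a node, and should
  # limit who is allowed to create Services that claim such addresses.
```

After applying it, `kubectl get endpoints web` shows whether the selector matched a running pod; an empty endpoint list means the labels do not line up.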
Now that I have HTTP or port 80 working, of course I now want HTTPS or port 443 to work. I think the general inflow will work, and I can figure out how to acquire the cert outside K8s, but can I (1) use more than one host, and (2) use a Kubernetes container to set up a Let's Encrypt cert and possibly renew it? First I want to focus on getting a simple SSL connection working. More to come after that.