Use TLS when a Kubernetes service receives traffic from browsers, API clients, webhooks, or external systems.
Recommended flow
Deploy the application
Deploy your workload and confirm the pods are healthy.
Create a service
Expose the deployment with a service.
Attach a hostname
Use the service hostname created by LayerRail or point a custom DNS record at the load balancer.
Enable TLS
Use your ingress controller or certificate manager to request and renew certificates.
Example service
apiVersion: v1
kind: Service
metadata:
name: web
spec:
type: LoadBalancer
selector:
app: web
ports:
- port: 80
targetPort: 3000
Certificate management
You can use standard Kubernetes tooling such as cert-manager when your cluster is configured for public DNS validation or HTTP validation.
Service hostnames under LayerRail-managed domains can show a waiting page until an application is attached and serving traffic.
