Deploy a Spring Boot application to DigitalOcean Kubernetes with automatic DNS and TLS certificate management. Creating a single Ingress resource triggers ExternalDNS to create DNS records and cert-manager to provision Let's Encrypt certificates.
- DNS Automation: ExternalDNS creates A records in DigitalOcean
- TLS Automation: cert-manager provisions Let's Encrypt certificates
- Traffic Routing: HAProxy Ingress Controller routes traffic
- Multi-Environment: Separate dev and prod deployments
- DigitalOcean account with billing enabled
- Domain managed by DigitalOcean DNS
- DigitalOcean API token with Read/Write scopes
- CLI tools: doctl, kubectl, helm, docker
# Set your configuration: these are sample values; replace them with your own
# registry user name, DNS zone and contact e-mail before running anything.
export DOCKER_USERNAME="tapas4java"
export DOMAIN="platform.adhar.io"
export EMAIL="admin@adhar.io"
# Build and prepare deployment
# NOTE(review): the script is not shown on this page; presumably it reads the
# three exported variables above. Read it before running it.
./build-and-deploy.sh
# Create the DOKS cluster "spring-dns-demo" in region sgp1 with a single node
# pool ("worker-pool") of two s-2vcpu-4gb nodes.
doctl kubernetes cluster create spring-dns-demo \
--region sgp1 \
--node-pool "name=worker-pool;size=s-2vcpu-4gb;count=2"
# HAProxy Ingress Controller
# Installs (or upgrades) the chart into the haproxy-controller namespace with two
# controller replicas behind a Service of type LoadBalancer, i.e. the controller
# is reachable from outside the cluster.
# NOTE(review): no --version is given, so whatever chart version the repo
# currently serves gets installed; the cert-manager install below pins one.
# Pin a reviewed chart version for reproducible installs.
# NOTE(review): with externalTrafficPolicy=Cluster the client source address is
# generally not preserved at the controller; if access logs or IP-based rules
# need the real client IP, confirm how it is forwarded in your setup.
helm repo add haproxy-ingress https://haproxy-ingress.github.io/charts
helm repo update
helm upgrade --install haproxy-ingress haproxy-ingress/haproxy-ingress \
--create-namespace --namespace haproxy-controller \
--set controller.service.type=LoadBalancer \
--set controller.service.externalTrafficPolicy=Cluster \
--set controller.replicaCount=2 \
--set controller.minAvailable=1 \
--set controller.publishService.enabled=true \
--set controller.publishService.path="haproxy-controller/haproxy-ingress"
# cert-manager
# Installs (or upgrades) chart version v1.18.2 into the cert-manager namespace,
# including its CRDs (crds.enabled=true). The version pin keeps the install
# reproducible. --wait/--timeout 5m block until the release is ready, and
# --atomic undoes the release if that does not happen in time.
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm upgrade --install cert-manager jetstack/cert-manager \
--namespace cert-manager --create-namespace \
--version v1.18.2 --set crds.enabled=true \
--wait --timeout 5m --atomic
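# Create API token secret (in the same namespace where ExternalDNS runs; default here)
# The token is read from the terminal without echo and handed to kubectl on
# stdin, so it ends up neither in the shell history nor in the process argument
# list (which --from-literal='...' would expose to `ps` and history files).
# printf '%s' avoids storing a trailing newline in the secret value.
# NOTE(review): ExternalDNS only manages DNS records; if your account offers
# finer-grained token scopes, prefer a token limited to DNS/domain access over a
# full Read/Write token. Confirm the exact scopes ExternalDNS needs.
printf 'DigitalOcean API token: ' >&2
IFS= read -rs DO_API_TOKEN
printf '\n' >&2
printf '%s' "$DO_API_TOKEN" | kubectl create secret generic digitalocean-dns -n default \
--from-file=digitalocean_token=/dev/stdin
# Drop the token from the current shell once the secret exists.
unset DO_API_TOKEN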
# Deploy manifests in correct order: ingress class first, then the Let's Encrypt
# issuer, then ExternalDNS.
# NOTE(review): the manifests are not shown on this page. Before applying,
# check that the ExternalDNS manifest restricts itself to your zone and that
# its RBAC is limited to the resources it has to watch.
kubectl apply -f manifests/haproxy-ingressclass.yaml
kubectl apply -f manifests/letsencrypt-issuer.yaml
kubectl apply -f manifests/externaldns-deploy.yaml
# Application
# Namespaces are created before the dev and prod application manifests.
kubectl apply -f manifests/namespaces.yaml
kubectl apply -f manifests/spring-app-dev.yaml
kubectl apply -f manifests/spring-app-prod.yaml
# Wait 1-2 minutes for the DNS records and TLS certificates to be created, then open:
https://spring.dev.platform.adhar.io
https://spring.prod.platform.adhar.io
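# Delete application resources (everything inside the dev and prod namespaces)
kubectl delete namespace dev
kubectl delete namespace prod
# Troubleshooting only: if the cert-manager install itself failed, uninstall the
# release with the command below and install it again. It is not part of the
# normal teardown: the release is removed under "Delete infrastructure
# components", and running both makes the second uninstall fail because the
# release is already gone.
# helm -n cert-manager uninstall cert-manager
# Delete automation components
kubectl delete -f manifests/letsencrypt-issuer.yaml
kubectl delete -f manifests/externaldns-deploy.yaml
# The secret was created with -n default; name the namespace here as well so the
# delete does not depend on the current kubectl context.
kubectl delete secret digitalocean-dns -n default
# Delete infrastructure components
helm delete cert-manager -n cert-manager
helm delete haproxy-ingress -n haproxy-controller
# Destroy the DOKS cluster (--force skips the confirmation prompt, so check the
# cluster name before running this)
doctl kubernetes cluster delete spring-dns-demo --force
# After teardown:
# - Deleting the Kubernetes secret does not invalidate the API token; revoke it
#   in the DigitalOcean control panel if it is no longer needed.
# - Check that the DNS records created for the dev and prod hosts are gone.
#   Whether ExternalDNS removes them depends on its configuration (not shown
#   here); a leftover record pointing at a released load-balancer address is a
#   dangling-DNS risk.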