1. Create a folder for the environment

This is a temporary place where we’ll create and configure our SE2 environment:

mkdir my-se2

cd my-se2

2. Start up our Kubernetes cluster

Kubernetes clusters usually live on the cloud. However, with minikube, we can create a local one to use:

minikube start

3. Expose our cluster to the internet with ngrok

This command forwards all requests sent to a randomly generated URL on to http://localhost:80:

ngrok http http://localhost

Jot down that URL generated by ngrok! It’ll look something like

4. Generate your SE2 manifests

Next we’ll be using Subo to generate our Kubernetes manifest files!

subo se2 deploy --dryrun

You will be asked for a domain. Please make sure to enter your domain from ngrok.

This will generate some Kubernetes manifest files, which will now live in the .suborbital/ folder:

  • se2-deployment.yaml
  • se2-autoscale.yaml
  • se2-controlplane-deployment.yaml

5. Disable TLS checks in the SE2 environment

Open up .suborbital/se2-controlplane-deployment.yaml in your editor of choice, and make the following changes.

We are disabling the built-in TLS certificate provisioning, as ngrok already takes care of this for us.

Under the Builder Container:

        - name: builder
          image: suborbital/se2-builder:v0.4.2
          command: ["builder"]

          ports:
            - containerPort: 8080
            - containerPort: 8443

          env:
            - name: SE2_DOMAIN
              value: "<YOUR_NGROK_DOMAIN>"

            - name: SE2_TLS_PORT
              value: "8443"

            - name: SE2_LOG_LEVEL
              value: "info"

            - name: SE2_CONTROL_PLANE
              value: "se2-controlplane-service:8081"

          volumeMounts:
            - mountPath: "/home/se2"
              name: controlplane-storage

Delete the following line:

- containerPort: 8443

Delete the following key-value pair:

- name: SE2_DOMAIN
  value: "<YOUR_NGROK_DOMAIN>"

Replace the following key-value pair:

- name: SE2_TLS_PORT
  value: "8443"

With the following:

value: "8080"

Under the se2-builder-service:

apiVersion: v1
kind: Service
metadata:
  namespace: suborbital
  name: se2-builder-service
spec:
  selector:
    app: se2-controlplane
  ports:
    - protocol: TCP
      name: challenge
      port: 80
      targetPort: 8080
    - protocol: TCP
      name: https
      port: 443
      targetPort: 8443
  type: LoadBalancer

Our builder service no longer needs to expose HTTPS ports as ngrok will forward both HTTP and HTTPS traffic to port 80.

Remove the following lines:

- protocol: TCP
  name: https
  port: 443
  targetPort: 8443
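
A check for the step 5 edits, as an added example that is not part of the SE2 documentation or Subo: it scans the edited manifest for the TLS settings this step removes and confirms the port 80 to 8080 path is still declared. It assumes nothing else in the file legitimately uses 8443; `check_se2_manifest` and `count_matches` are names made up for this example.

```shell
#!/bin/sh
# Added example, not part of the SE2 docs. Assumes only the builder uses 8443.

# Count lines of file $1 matching ERE $2, ignoring YAML comment lines.
count_matches() {
    grep -E -- "$2" "$1" | grep -vcE '^[[:space:]]*#' || true
}

# Print one line per problem; return 0 if clean, 1 on problems, 2 if unreadable.
check_se2_manifest() {
    manifest=$1
    result=0
    [ -r "$manifest" ] || { echo "cannot read $manifest" >&2; return 2; }

    # Settings step 5 deletes or changes. Format: ERE;message
    for rule in \
        'containerPort:[[:space:]]*8443;builder still declares containerPort 8443' \
        'name:[[:space:]]*SE2_DOMAIN;SE2_DOMAIN is still set' \
        'value:[[:space:]]*"?8443"?[[:space:]]*$;an env value is still 8443' \
        'targetPort:[[:space:]]*8443;service still targets port 8443' \
        '[^A-Za-z]port:[[:space:]]*443[[:space:]]*$;service still exposes port 443'
    do
        if [ "$(count_matches "$manifest" "${rule%%;*}")" -gt 0 ]; then
            echo "LEFTOVER: ${rule#*;}"
            result=1
        fi
    done

    # The plain-HTTP path that ngrok forwards to must survive the edit.
    for rule in \
        'containerPort:[[:space:]]*8080;builder does not declare containerPort 8080' \
        'targetPort:[[:space:]]*8080;service does not forward to port 8080'
    do
        if [ "$(count_matches "$manifest" "${rule%%;*}")" -eq 0 ]; then
            echo "MISSING: ${rule#*;}"
            result=1
        fi
    done
    return "$result"
}

# Constructed sample: service ports as generated, before the step 5 edit.
sample=$(mktemp)
printf '%s\n' '      containerPort: 8080' '      port: 80' '      targetPort: 8080' \
    '      port: 443' '      targetPort: 8443' > "$sample"
check_se2_manifest "$sample" || true   # reports the 443 -> 8443 mapping
rm -f "$sample"
```

Run it against the real file with `check_se2_manifest .suborbital/se2-controlplane-deployment.yaml` before moving on to step 6.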

6. Deploy to your cluster

Run the following Subo command to deploy SE2 to your cluster:

subo se2 deploy

7. Set up minikube tunneling

Let’s tell minikube to forward requests on port 80 to our cluster!

minikube tunnel

8. Create an editor token

In order to test our editor, we’re going to come up with a plugin name, and create a token so we can access it!

This can only be done as an API call from within your cluster. Since we’re not currently running an app in the cluster, we’ll make the call from inside one of its pods!

First, we’ll need the name of our control plane pod:

kubectl get pod -n suborbital

Your output will look something like this:

NAME                                           READY   STATUS    RESTARTS   AGE
se2-deployment-7bfb9d76c6-sv5dr                1/1     Running   0          1s
se2-controlplane-deployment-5699f779f7-xmkhr   2/2     Running   0          1s

Let’s take that full name of our se2-controlplane-deployment pod and start a bash session inside it:

kubectl exec -n suborbital -it se2-controlplane-deployment-<REST OF POD CODENAME> -- bash

Would you look at that, we’re inside our cluster now!

Let’s install curl:

apt update; apt install curl

With curl installed, we can now get our editor token for testing:

curl [<IDENT>/default/](<PLUGIN_NAME>

In which:

  • IDENT: Customer identity, for example: com.example.12345
  • PLUGIN_NAME: A name for your plugin

This will give you a JSON response with a token. Let’s copy it!

9. Try out the plugin editor

The plugin editor is reached by building a specific URL, and we now have all the ingredients for it. In your browser, try opening up the following URL:


In which:

  • NGROK_DOMAIN: The domain generated by ngrok in step 3
  • EDITOR_TOKEN: The token generated by the control plane API in step 8
  • IDENT: Customer identity, for example: com.example.12345
  • PLUGIN_NAME: A name for your plugin
  • LANGUAGE_TEMPLATE: A template to be prefilled when opening the editor for a new plugin, defaulting to AssemblyScript.